Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkg installer: Fix ownership of files installed into $HOME #784

Merged
merged 13 commits into from
May 8, 2024
Merged

pkg installer: Fix ownership of files installed into $HOME #784

merged 13 commits into from
May 8, 2024

Conversation

marcoesters
Copy link
Contributor

@marcoesters marcoesters commented May 1, 2024
edited by jaimergp
Loading

Description

When installing outside $HOME, the pkg installer installs as root. Constructor changes the ownership of the $PREFIX directory to $USER:

constructor/constructor/osx/run_installation.sh

Line 115 in 58385ee

chown -R "$USER" "$PREFIX"

However, the installer creates additional files and directories outside of $PREFIX:

  • ${HOME}/.conda
  • All files and directories created by conda init, e.g., ${HOME}/.bash_profile or ${HOME}/.config/powershell

This PR fixes the ownership of those files and directories as well.

Checklist - did you ...

  • Add a file to the news directory (using the template) for the next release's release notes?
  • Add / update necessary tests?
  • Add / update outdated documentation?

@conda-bot conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label May 1, 2024
@marcoesters marcoesters changed the title Pkg file permissions pkg installer: Fix ownership of files installed into $HOME May 1, 2024
@marcoesters marcoesters marked this pull request as ready for review May 1, 2024 17:42
@marcoesters marcoesters requested a review from a team as a code owner May 1, 2024 17:42
jaimergp
jaimergp reviewed May 8, 2024
View reviewed changes
constructor/osx/run_installation.sh
# install location, the permissions will default to root unless this is done.
chown -R "$USER" "$PREFIX"
chown -R "$USER" "${HOME}/.conda"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might also leave a .condarc somewhere if the config file asked for that option. Should we add it here too? e.g.

Suggested change
chown -R "$USER" "${HOME}/.conda"
test -f "${HOME}/.condarc" && chown "$USER" "${HOME}/.condarc"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I tested it, .condarc had the correct ownership, but better safe than sorry.

jaimergp
jaimergp reviewed May 8, 2024
View reviewed changes
constructor/osx/update_path.sh Outdated
Comment on lines 19 to 42
if [[ "${USER}" != "root" ]]; then
echo "Fixing permissions..."
read -r -a MODIFIED_FILES <<< "$(\
echo "${INIT_FILES}" |\
grep modified |\
awk '{print $2}' |\
# Only grab files inside $HOME or $PREFIX.
# All init files should be there, but that may change, and it
# is better to miss files than to have an infinite loop below.
grep -E "^(${HOME}|${PREFIX})"\
)"
for file in "${MODIFIED_FILES[@]}"; do
while [[ "${file}" != "${HOME}" ]] && [[ "${file}" != "${PREFIX}" ]]; do
# Check just in case the file wasn't created due to flaky conda init
if [[ -f "${file}" ]] || [[ -d "${file}" ]]; then
OWNER=$(stat -f "%u" "${file}" | id -un)
if [[ "${OWNER}" == "root" ]]; then
chown "${USER}" "${file}"
fi
fi
file="${file%/*}"
done
done
fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome shell skills here! This script is called with sh though, so I think we need to either:

  • Change the shebang to bash
  • Make sure we only use strict POSIX (e.g. no [[ ]] ifs).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't sh link to bash on MacOS?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even if it does, I think it's better to be explicit. I changed the shell to bash since that's what we're using in the other scripts as well.

@jaimergp
Copy link
Contributor

jaimergp commented May 8, 2024

Let's double check SH vs BASH vs POSIX for that nice chunk of shell code :)

@marcoesters marcoesters merged commit c17eed5 into conda:main May 8, 2024
15 checks passed
@marcoesters marcoesters deleted the pkg-file-permissions branch May 8, 2024 21:42
@ryanvolz ryanvolz mentioned this pull request Jun 13, 2024
Open
@jaimergp jaimergp mentioned this pull request Jul 12, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaimergp jaimergp jaimergp approved these changes

Assignees
No one assigned
Labels
cla-signed [bot] added once the contributor has signed the CLA
Projects
🔎 Review
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marcoesters @jaimergp @conda-bot