Skip to content

remote: ssh: push: make files protected (read-only) when uploading #3839

New issue
New issue
Closed as not planned
Closed as not planned
remote: ssh: push: make files protected (read-only) when uploading#3839
Labels
enhancementEnhances DVCp2-mediumMedium priority, should be done, but less important
@gwerbin

Description

@gwerbin
gwerbin
opened on May 20, 2020

Versions

  • DVC: 0.94.0
  • Installation method: Pip via Pipx
  • Platform: Linux

Intended behavior

In a local-file or SSH remote, files are expected to have 444 permissions. dvc pull should not modify files in the remote.

Current behavior

  1. dvc push creates files in the remote according to the user's default umask, typically 022, resulting in files with 644 permissions
  2. dvc pull notices that some files have incorrect permissions, and tries to fix them with chmod.
  3. If the above-mentioned files are not owned by the current user, the chmod fails and dvc pull fails with an error.
  4. To fix it, the file owner must manually chmod 444 every affected file in the remote, e.g. with find <remote-dir> -type f -exec chmod 444 '{}' \;

Solution

As discussed on Discord, dvc push should set the correct file permissions, and dvc pull should not attempt to mess with file permissions at all.

My additional suggestion is to have dvc push and dvc pull emit a warning when it detects incorrect file permissions, and/or give the user an option to ignore incorrect permissions.

This bug report is related to feature request iterative/dvc-ssh#15 , which would ensure that directories in the remote are created with either 755 or 775 permissions as needed by the user.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementEnhances DVCp2-mediumMedium priority, should be done, but less important

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions