Restrictive umask and permissions may cause a built snap to be unusable
Bug #1515394 reported by
Bruno Nova
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Click Reviewers tools (obsolete) |
Won't Fix
|
Undecided
|
Unassigned | ||
Snapcraft |
Won't Fix
|
High
|
Unassigned | ||
Snappy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
I use the umask 007 in my system.
When I built a test package with snapcraft and installed it in a Snappy Core system, most of the files and folders of the package where not accessible by the "other" users, and thus I couldn't run the binaries (no permission).
I think snappy/snapcraft should make some permissions/umask checks.
Maybe snapcraft or "snappy build" should check the permissions of all packaged files and directories (like how the Debian build tools do), and either correct the permissions or warn the user about files that have strange permissions.
Snapcraft could also enforce an umask of 002 or 022.
description: | updated |
Changed in snapcraft: | |
importance: | Undecided → High |
Changed in snapcraft: | |
milestone: | none → next |
Changed in snapcraft: | |
milestone: | 2.3 → next |
Changed in snapcraft: | |
assignee: | nobody → Sergio Schvezov (sergiusens) |
Changed in snapcraft: | |
status: | Triaged → In Progress |
Changed in snapcraft: | |
milestone: | 2.4 → next |
Changed in snapcraft: | |
milestone: | next → none |
Changed in snapcraft: | |
assignee: | Sergio Schvezov (sergiusens) → nobody |
status: | Confirmed → Triaged |
To post a comment you must log in.
Yes, it makes sense that snapcraft check the package for usefulness,
good catch, thank you!