Bug?: manpages are only readable by root when doing sudo make install with umask 077

classic Classic list List threaded Threaded
10 messages Options
Antoine Amarilli-2 Antoine Amarilli-2
Reply | Threaded
Open this post in threaded view
|

Bug?: manpages are only readable by root when doing sudo make install with umask 077

Hi all,

My user has umask 077. When I do sudo make install, this umask seems to
affect installation: the folders /usr/local/share/man/man* get created
as belonging to root:staff with permissions 2700, so the installed
manpages cannot be read by anyone except root. With the default umask of
002, however, the folders are correctly created with permissions 2755.

It doesn't make sense to install manpages that only root can read, so
wouldn't it be better if the Makefile somehow used a different umask
when installing man pages?

Best,

--
Antoine Amarilli


_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (849 bytes) Download Attachment
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

On Wed 2018-01-10 16:38:14 +0100, Antoine Amarilli wrote:

> My user has umask 077. When I do sudo make install, this umask seems to
> affect installation: the folders /usr/local/share/man/man* get created
> as belonging to root:staff with permissions 2700, so the installed
> manpages cannot be read by anyone except root. With the default umask of
> 002, however, the folders are correctly created with permissions 2755.
>
> It doesn't make sense to install manpages that only root can read, so
> wouldn't it be better if the Makefile somehow used a different umask
> when installing man pages?

how is the installation happening for you?  In Makefile.local, i see:

        install -m0644 $(filter %.1.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man1
        install -m0644 $(filter %.5.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man5
        install -m0644 $(filter %.7.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man7

which suggests that the -m would override the umask.

is your installation doing something different somehow?

   --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (847 bytes) Download Attachment
Antoine Amarilli-2 Antoine Amarilli-2
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

Hi Daniel,

Thanks for your reply!

On Wed, Jan 10, 2018 at 11:23:03AM -0500, Daniel Kahn Gillmor wrote:
> On Wed 2018-01-10 16:38:14 +0100, Antoine Amarilli wrote:
> how is the installation happening for you?  In Makefile.local, i see:
>
> install -m0644 $(filter %.1.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man1
> install -m0644 $(filter %.5.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man5
> install -m0644 $(filter %.7.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man7
>
> which suggests that the -m would override the umask.

That's right. Looking more closely I think the issue is only with the
permissions of the directories /usr/local/share/man/man*, not the files
that they contain. Of course this is still an obstacle for the manpages
to be readable. So I guess the following in doc/Makefile.local (just
above what you quoted):
 
        mkdir -p "$(DESTDIR)$(mandir)/man1"
        mkdir -p "$(DESTDIR)$(mandir)/man5"
        mkdir -p "$(DESTDIR)$(mandir)/man7"

does not override the umask. I suspect that the parameter -m0644 should
be passed to these invocations too.

Best,

--
Antoine Amarilli


_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (849 bytes) Download Attachment
Tomi Ollila-2 Tomi Ollila-2
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

On Wed, Jan 10 2018, Antoine Amarilli wrote:

> Hi Daniel,
>
> Thanks for your reply!
>
> On Wed, Jan 10, 2018 at 11:23:03AM -0500, Daniel Kahn Gillmor wrote:
>> On Wed 2018-01-10 16:38:14 +0100, Antoine Amarilli wrote:
>> how is the installation happening for you?  In Makefile.local, i see:
>>
>> install -m0644 $(filter %.1.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man1
>> install -m0644 $(filter %.5.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man5
>> install -m0644 $(filter %.7.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man7
>>
>> which suggests that the -m would override the umask.
>
> That's right. Looking more closely I think the issue is only with the
> permissions of the directories /usr/local/share/man/man*, not the files
> that they contain. Of course this is still an obstacle for the manpages
> to be readable. So I guess the following in doc/Makefile.local (just
> above what you quoted):
>  
>         mkdir -p "$(DESTDIR)$(mandir)/man1"
>         mkdir -p "$(DESTDIR)$(mandir)/man5"
>         mkdir -p "$(DESTDIR)$(mandir)/man7"
>
> does not override the umask. I suspect that the parameter -m0644 should
> be passed to these invocations too.

If user has set umask to 077, should we override that (as we're now doing
with the files by giving explicit permissions) ?


>
> Best,
>
> --
> Antoine Amarilli
>
> _______________________________________________
> notmuch mailing list
> [hidden email]
> https://notmuchmail.org/mailman/listinfo/notmuch
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

In reply to this post by Antoine Amarilli-2
Hi Antoine--

On Wed 2018-01-10 19:29:59 +0100, Antoine Amarilli wrote:

> On Wed, Jan 10, 2018 at 11:23:03AM -0500, Daniel Kahn Gillmor wrote:
> That's right. Looking more closely I think the issue is only with the
> permissions of the directories /usr/local/share/man/man*, not the files
> that they contain. Of course this is still an obstacle for the manpages
> to be readable. So I guess the following in doc/Makefile.local (just
> above what you quoted):
>  
>         mkdir -p "$(DESTDIR)$(mandir)/man1"
>         mkdir -p "$(DESTDIR)$(mandir)/man5"
>         mkdir -p "$(DESTDIR)$(mandir)/man7"
>
> does not override the umask. I suspect that the parameter -m0644 should
> be passed to these invocations too.

That sounds about right, though i think you want -m0755, since the
directories need the executable bit set to be traversable.

Would you try this out (probably have to remove the existing directories
first to test it, assuming that there's nothing there from anything
other than notmuch), and then send a patch directly to the mailing list?

thanks for your attention to detail here, it's the best way to make
things work for everyone in the future :)

       --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

In reply to this post by Tomi Ollila-2
On Wed 2018-01-10 21:45:34 +0200, Tomi Ollila wrote:
> If user has set umask to 077, should we override that (as we're now doing
> with the files by giving explicit permissions) ?

/usr/bin/install itself does already override the user's umask, and it's
being run by the superuser ("sudo make install") who might not have the
same umask.  I think this is the right thing to do if we want the
installation to actually work for people.

fixing the mkdir invocations just brings them in line with the logic of
the /usr/bin/install invocations.

             --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Antoine Amarilli-2 Antoine Amarilli-2
Reply | Threaded
Open this post in threaded view
|

Re: Bug?: manpages are only readable by root when doing sudo make install with umask 077

In reply to this post by Daniel Kahn Gillmor
Hi Daniel,

Thanks for your answer, and sorry for the ridiculous delay.

On Wed, Jan 10, 2018 at 03:40:13PM -0500, Daniel Kahn Gillmor wrote:

> On Wed 2018-01-10 19:29:59 +0100, Antoine Amarilli wrote:
> > On Wed, Jan 10, 2018 at 11:23:03AM -0500, Daniel Kahn Gillmor wrote:
> > That's right. Looking more closely I think the issue is only with the
> > permissions of the directories /usr/local/share/man/man*, not the files
> > that they contain. Of course this is still an obstacle for the manpages
> > to be readable. So I guess the following in doc/Makefile.local (just
> > above what you quoted):
> >  
> >         mkdir -p "$(DESTDIR)$(mandir)/man1"
> >         mkdir -p "$(DESTDIR)$(mandir)/man5"
> >         mkdir -p "$(DESTDIR)$(mandir)/man7"
> >
> > does not override the umask. I suspect that the parameter -m0644 should
> > be passed to these invocations too.
>
> That sounds about right, though i think you want -m0755, since the
> directories need the executable bit set to be traversable.
Correct, thanks for pointing this out!

> Would you try this out (probably have to remove the existing directories
> first to test it, assuming that there's nothing there from anything
> other than notmuch),

Yup, it works.

> and then send a patch directly to the mailing list?

Doing this in a separate email.

Best,

--
Antoine Amarilli


_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (849 bytes) Download Attachment
Antoine Amarilli-2 Antoine Amarilli-2
Reply | Threaded
Open this post in threaded view
|

[PATCH] doc: create manpage folders with right permissions

Avoids the issue where umask can make man pages unreadable after
installation. Relevant email on the mailing-list:
<[hidden email]>
---
 doc/Makefile.local | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/Makefile.local b/doc/Makefile.local
index c6f05ca8..a1739e15 100644
--- a/doc/Makefile.local
+++ b/doc/Makefile.local
@@ -89,9 +89,9 @@ install-man:
 else
 build-man: ${MAN_GZIP_FILES}
 install-man: ${MAN_GZIP_FILES}
- mkdir -p "$(DESTDIR)$(mandir)/man1"
- mkdir -p "$(DESTDIR)$(mandir)/man5"
- mkdir -p "$(DESTDIR)$(mandir)/man7"
+ mkdir -m0755 -p "$(DESTDIR)$(mandir)/man1"
+ mkdir -m0755 -p "$(DESTDIR)$(mandir)/man5"
+ mkdir -m0755 -p "$(DESTDIR)$(mandir)/man7"
  install -m0644 $(filter %.1.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man1
  install -m0644 $(filter %.5.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man5
  install -m0644 $(filter %.7.gz,$(MAN_GZIP_FILES)) $(DESTDIR)/$(mandir)/man7
--
2.15.1
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] doc: create manpage folders with right permissions

On Wed 2018-01-31 21:50:45 +0100, Antoine Amarilli wrote:
> Avoids the issue where umask can make man pages unreadable after
> installation. Relevant email on the mailing-list:
> <[hidden email]>

lgtm, and i've tagged to suggest that it's ready for inclusion.

thanks, Antoine!

      --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] doc: create manpage folders with right permissions

In reply to this post by Antoine Amarilli-2
Antoine Amarilli <[hidden email]> writes:

> Avoids the issue where umask can make man pages unreadable after
> installation. Relevant email on the mailing-list:
> <[hidden email]>

Pushed to master, thanks for your contribution.

d
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch