Skip to content
Snippets Groups Projects
New look: Off

Respect file permission

    • Closed Issue created by Vipul @finn0 
    $ ls -l test1.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png

$ mat2 test1.png
$ ls -l test1*
-rw-r--r--. 1 finn finn 278091 Sep 14 04:14 test1.cleaned.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png

    Is it expected behavior? Shouldn't test1.cleaned.png also have same file permission as test1.png (i.e. 600 instead of 644)?

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • jvoisin
      jvoisin @jvoisin ·
      Owner

      What is your umask?

    • F
      Vipul @finn0 ·
      Author 
      $ umask
0022

      Seems like mat2 creates a new copy of file that's why cleaned file has same permission as newly created file in the system. I was wondering, shouldn't mat2 change the file permission of cleaned file to same as original file after cleaning process is done?

      PS: This may be lead to a problem where I want to have a file which is only readable and writable by owner (i.e. having 600 permission) but, cleaned copy of the file is also readable to group and anyone due having 644 permission.

      Edited by Vipul
      • G
        georg @georg ·
        Developer

        IMHO, it should respect the umask. (Probably, that's worth documenting.)

        Edited by georg
      • F
        Vipul @finn0 ·
        Author

        Let's suppose I've a secret document (secret.pdf) with 600 (-rw-------) file permission and I run mat2 secret.pdf command after that one cleaned file (secret.cleaned.pdf) will be created with 644 (-rw-r--r--) file permission if umask is 0022 which is default value for many distro. Now, this secret document can be read by anyone which neither I or anybody wants. Doesn't it lead to a problem where we make user's secret document to readable by everyone? @georg, what do you think? This could lead to more severe problem in upcoming release where we're replacing original file with cleaned copy and add suffix .bak to original file (#117). Anyway, all of the copying command (like cp, rsync etc) in *nix respects file permission not umask and in end of the day we're creating a copy of file with no harmful metadata.

        Edited by Vipul
      • Please register or sign in to reply
    • jvoisin
      jvoisin @jvoisin ·
      Owner

      I'm not sure about this, I would like to have other people's opinion.

      @smagnin, @jfriedli, @atenart ?

    • jvoisin changed milestone to %1.0 - Pony

      changed milestone to %1.0 - Pony

    • jvoisin added question security usability labels

      added question security usability labels

    • G
      georg @georg ·
      Developer

      I've checked different tools, some respect file permission, some do not, and rely on umask. Considering the nature of mat2, and what this tool is used for, I guess applying "sane defaults" makes sense, that is, respect file permissions. (I'm revoking my note posted earlier in this thread.)

      Edited by georg
    • jfriedli
      jfriedli @jfriedli ·

      I support @georg latest answer

    • jvoisin added good first issue label

      added good first issue label

    • jvoisin
      jvoisin @jvoisin ·
      Owner

      Done in 4034cf9a

    • jvoisin closed

      closed

    Please register or sign in to reply