-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Add checks for files with read permissions too narrow #4187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Hi @villasv ! Long time no see 😉 I suppose they are using local or ssh remote, right? Or are they using shared cache dir? |
IIRC they're using a combination of shared cache dir and s3 remotes, but mostly S3. Does pushing/pulling the file to to/from S3 remote unset those permissions? Didn't think about it, but makes sense. So they might be having trouble with the shared dir, or they're attempting to change protected hardlinks and misdiagnosed the problem. |
@villasv Yeah, s3 doesn't preserve the regular fs permissions, so the issue is clearly on the cache dir side. Also, I wonder if they use |
If it's not default, probably not. My bet is on the "attempting to change protected files" side. I'm going to leave the feature suggestion if it can be useful for people using the shared cache settings. |
This is not a problem I perceived directly, but got as feedback from the data science team.
Let's say someone on the team mistakenly ran
dvc repro
withsudo
, generating output files that have strict read permissions. This person then pushes the hashes to git remote and the files to dvc remote. Now the rest of the team can't reproduce the pipeline without sudoeing out the wrong permissions first. To prevent this from happening, it would be cool if DVC issued a warning for files being pushed with weird permissions.The text was updated successfully, but these errors were encountered: