New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
syscall: windows doesn't allow read-only directories #35042
Comments
cc @jayconrod like the other bug. |
Same question here: is there anything to actively do for this issue? (Should we leave it open, or close it and just use it as a point of reference?) |
Hmm... At the very least, the documentation for
It notably does not mention any behavior for directories. |
Windows files and directory permissions cannot be mapped onto Unix user/group/everyone + read/write/execute. Most Windows users don't care about file permissions - as long as their files inherit permissions of containing directories, most things just work. For anything unusual Windows Go users would have to use Windows APIs directly. More documentation is not always better. If documentation is long, people won't read it. But we should correct wrong documentation. Alex |
I'm in way over my head, but from what I can tell there may be a reasonable mapping of the unix “write” permission bit to the windows Similarly, the execute bit might reasonably map to (But none of that is to say that we should actually implement that mapping.) |
Same here. I will let Jason reply to you, if he wants to. I think we should leave things as they are. Alex |
Mapping Unix permission bits to Windows ACLs probably makes more sense than what we do now, which is mapping a single Unix permission bit to a "file attribute", which is not an ACL (and apparently doesn't work for directories either). I think there probably would be a quasi coherent scheme we could come up with, for all of user, group, and world, and maybe even for the sticky bit. It would map better than what we currently have and would wind up supporting things like directories. But it does certainly require more than a moment's thought. As with most things Windows, the devil is in the details. The actual implementation would wind up looking something like: func unixPermToSA(perm FileMode) *SECURITY_ATTRIBUTES And then all of the various Windows file creation and retrieval functions will take or return a security attribute struct, which we're currently passing in as nil. But, as I said, the devil is really in the details, and there are tons of unanswered questions. Then, let's say we get the mapping down. Do we want to emulate umask too? Probably, since people tend to pass in 0666 rather than 0644. So now we're doing umask emulation... It all seems possible to do, but probably hard, and risky if it's not done right. So maybe this kind of project is best deferred until somebody actually complains compellingly about the status quo. |
@jstarks has Microsoft published a guide re mapping Unix filemode to/from Windows security_attributes? Or is there .NET code to handle this? |
There is no such document that I am aware of. I don't think you want to try to do anything automatic with ACLs. You're unlikely to come up with a policy that will make everyone happy. |
A new table-driven test is added, covering new cases as well as replacing the two existing tests. Tests run in a temp dir filesystem, to ensure permission issues are actually tested. TestPrepareLogFile_ReturnsErrIfParentDirIsReadOnly is separate from the other log file tests, as there is no portable way of handling folder permissions on a real filesystem. (Go has no way to set Windows folder permissions:golang/go#35042) Thus it tests the "can't write even the .logs/ dir" case by setting the whole afero FS to read only... In the real world, this would happen if the Windows folder is marked read only, or POSIX permissions don't allow writing to it.
A new table-driven test is added, covering new cases as well as replacing the two existing tests. Tests run in a temp dir filesystem, to ensure permission issues are actually tested. TestPrepareLogFile_ReturnsErrIfParentDirIsReadOnly is separate from the other log file tests, as there is no portable way of handling folder permissions on a real filesystem. (Go has no way to set Windows folder permissions:golang/go#35042) Thus it tests the "can't write even the .logs/ dir" case by setting the whole afero FS to read only... In the real world, this would happen if the Windows folder is marked read only, or POSIX permissions don't allow writing to it.
On Windows, right now we map the lack of the writable bit in Unix file permissions to FILE_ATTRIBUTES_READONLY. This sort of works fine, but MSDN says that it's not honored for directories. This has implications for the Go module cache.
I'm not suggesting that we change this mapping to something else right now, but in case things pop up down the line related to this, here's a bug to track it.
cc @bcmills @alexbrainman
The text was updated successfully, but these errors were encountered: