[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Any reason why user action hooks have to be +x?



So hooks have a pretty specific meaning - we say "put these files in these locations and run them".  If someone provides the file, and it isn't runnable, what value does that have for anyone (including us)?  

Definitely setting something as not executable is a choice - but here, in many cases, these are developers adding files based on documentation for the first time and they are *not* making the choice to make the file non-executable.  Also, as noted before windows makes it very difficult to set permissions correctly.  

Putting the effort into displaying a giant warning, where the only reasonable outcome is that a user is going to make the file executable, is missing the point.  If the only realistic choice for a user in this situation is to make the file executable, we should do it for them.  And by do it for them I mean it's something that should happen during the deployment on disk of the new git files.

If we could come up with a reason why this is a security problem - I might buy not setting it.  But for a choice to be meaningful for a developer (executable or not) there has to be some scenario under which their decision is meaningful.  In this case it appears it isn't meaningful.

----- Original Message -----
> ----- Original Message -----
> > From: "Clayton Coleman" <ccoleman redhat com>
> > To: "Michael McGrath" <mmcgrath redhat com>
> > Cc: "Dan Mace" <dmace redhat com>, dev lists openshift redhat com
> > Sent: Tuesday, September 3, 2013 1:08:14 PM
> > Subject: Re: Any reason why user action hooks have to be +x?
> > 
> > But why?  What possible problem is there from executing those scripts (the
> > point of this thread is to tease that out).  All I know is that this is a
> > problem for real users, and I don't see any value in us having this
> > restriction.  I guess I'd like to see an argument about WHY this is a bad
> > idea to make these specific scripts executable in this particular case, vs.
> > that in general in the linux world scripts don't make other scripts
> > executable.
> > 
> 
> It's really as simple as when I set something to not be executable, I expect
> it to not execute.
> 
> Also, if it is set unexecutable, how will you be calling it?  If someone
> writes a python start script, you can't call "sh ./start"
> 
> --
> Mike McGrath | mmcgrath redhat com | (312) 660-3547
> OpenShift | Red Hat Chicago | http://openshift.com/
> 
> 
> > ----- Original Message -----
> > > ----- Original Message -----
> > > > From: "Dan Mace" <dmace redhat com>
> > > > To: "Clayton Coleman" <ccoleman redhat com>
> > > > Cc: dev lists openshift redhat com
> > > > Sent: Tuesday, September 3, 2013 9:26:35 AM
> > > > Subject: Re: Any reason why user action hooks have to be +x?
> > > > 
> > > > I can't remember the arguments against setting the modes on the user's
> > > > behalf
> > > > (or working around the modes another way to make them irrelevant) when
> > > > this
> > > > came up in the past leading to the current design/documentation. I'm in
> > > > favor of finding some way to eliminate the mode requirement. I can't
> > > > think
> > > > of any reason we should support a case where the user commits a
> > > > non-executable script to the hooks directory that they intend to be
> > > > ignored
> > > > simply due to the mode (e.g. if you want to commit but disable the
> > > > hook,
> > > > rename or move it).
> > > > 
> > > 
> > > As a general rule, we shouldn't be executing scripts that are not set
> > > executable.  I get that this is confusing to new users, but the current
> > > setup is behaving as expected.  I think I would prefer a louder note when
> > > a
> > > script is found that is not executable.
> > > 
> > > =====
> > > NOTE:  .openshift/action_hooks/start is not executable and so OpenShift
> > > has
> > > skipped it.
> > > Please chmod +x .openshift/action_hooks/start to start it
> > > =====
> > > 
> > > Or something to that effect.  It's just a common convention and one worth
> > > observing.
> > > 
> > >     -Mike
> > > 
> > > 
> > > > --
> > > > Dan Mace
> > > > Sr. Software Engineer, Red Hat
> > > > 
> > > > 
> > > > ----- Original Message -----
> > > > > From: "Clayton Coleman" <ccoleman redhat com>
> > > > > To: dev lists openshift redhat com
> > > > > Sent: Tuesday, September 3, 2013 10:22:12 AM
> > > > > Subject: Any reason why user action hooks have to be +x?
> > > > > 
> > > > > Thinking through this... we've had a number of folks who hit the old
> > > > > "oops,
> > > > > my action hooks aren't +x".  Since we are no longer including the
> > > > > hooks
> > > > > in
> > > > > cart templates, it makes it more likely a new user is going to end up
> > > > > wasting their time trying to fix an arbitrary problem (it's burned
> > > > > even
> > > > > experienced developers).  Also, windows developers can't even easily
> > > > > fix
> > > > > modes - requires some git knowledge.
> > > > > 
> > > > > Is there a good reason we can't just "/bin/sh" each hook directly or
> > > > > auto
> > > > > +x
> > > > > it?  Or auto +x during deployment?
> > > > > 
> > > > > I vaguely remember discussions, would like to have a discussion on
> > > > > it.
> > > > > 
> > > > > _______________________________________________
> > > > > dev mailing list
> > > > > dev lists openshift redhat com
> > > > > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> > > > > 
> > > > 
> > > > _______________________________________________
> > > > dev mailing list
> > > > dev lists openshift redhat com
> > > > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> > > > 
> > > 
> > 
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]