Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Usage on bitbucket pipelines not possible due to "chmod(): Operation not permitted" #380

Open
JoshuaBehrens opened this issue Oct 9, 2022 · 3 comments

Comments

@JoshuaBehrens
Copy link

I have an issue using phive on bitbucket pipelines. On there chmod operation is forbidden. I already have the tools (target name is bin) directory for non-phive tools but the ensure method tries to ensure the access of the directory. It is 0777 and phive tries to force 0755.

[ERROR]   An error occurred while processing your request:
          Creating directory "./bin" failed.
          
          #0 vendor/phar-io/filesystem/src/Directory.php(79)
          #1 src/shared/config/PhiveXmlConfig.php(231): PharIo\FileSystem\Directory->ensureExists()
          #2 src/shared/config/PhiveXmlConfig.php(129): PharIo\Phive\PhiveXmlConfig->nodeToConfiguredPhar()
          #3 src/commands/install/InstallCommandConfig.php(94): PharIo\Phive\PhiveXmlConfig->getPhars()
          #4 src/commands/install/InstallCommandConfig.php(72): PharIo\Phive\InstallCommandConfig->getPharsFromPhiveXmlConfig()
          #5 src/commands/install/InstallCommand.php(45): PharIo\Phive\InstallCommandConfig->getRequestedPhars()
          #6 src/shared/cli/Runner.php(241): PharIo\Phive\InstallCommand->execute()
          #7 src/shared/cli/Runner.php(95): PharIo\Phive\Cli\Runner->execute()
          #8 (354): PharIo\Phive\Cli\Runner->run()
          #9 {main}
          Environment: PHP 7.4.32 (on Linux 5.15.0-1019-aws)
          Phive Version: 0.15.1

https://github.com/phar-io/filesystem/blob/master/src/Directory.php#L75-L77

To change phive I would need to either separate chmod from mkdir and this is not in phive itself, or I need to add a check before chmod whether operation will fail (and I am not sure yet how to check lsattr does not show immutable flag) to skip it if it will fail for permission reasons.

Any ideas how to approach this? I am keen to make pull requests for this but I am not sure what is a good way

@theseer
Copy link
Member

theseer commented Oct 14, 2022

Still pondering about this. I'm not happy to "allow" 777, because that's quite a dangerous mode from a security perspective. Best would be 700 but that's of course a bit too strict for most use cases.

I'll think about it some more :)

@theseer
Copy link
Member

theseer commented Oct 14, 2022

I guess we'll have to remove the enforcing from the library - which probably is a good idea either way ;) - and add an option to phive to allow insecure directory permissions.

@JoshuaBehrens
Copy link
Author

I can do that :) thank you for your thoughts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants