[PATCH] blackbox: add logreadonlybyuser to restrict permission to log (issue5065)

timeless timeless at gmail.com
Mon Mar 14 14:48:10 EDT 2016


While we should eventually worry about ACLs, afaik, we don't currently
care about ACLs for Hg's own store, and I'd rather cross the ACL
bridge for blackbox once we get the Hg store ACL story straight.

(Hg Store does have a umask story, although I don't have a reference
for it handy.)

If we're in desperate need of a Windows story for blackbox (because
someone has a real multiuser windows system with mercurial), i'm
willing to look at specific ACL stories sooner. But while I know that
multiuser windows systems exist, and network file systems (CIFS) exist
for windows, I don't expect typical Mercurial users to be using either
of them -- please correct me if I'm wrong.

On Mon, Mar 14, 2016 at 1:13 PM, Augie Fackler <raf at durin42.com> wrote:
> On Mon, Mar 14, 2016 at 02:52:57PM +0000, Ryan McElroy wrote:
>> On 3/14/2016 7:59 AM, timeless wrote:
>> >first, I'd rather start by making the log not world readable.
>> >
>> >>+            logreadonlybyuser = self.hasconfig('blackbox', 'logreadonlybyuser')
>> >second, we typically use configbool(..., ..., False).
>> >I'm not sure what hasconfig is/does, but I suspect it's the wrong thing.
>> >e.g --config blackbox.logreadonlybyuser=False
>> >
>> >third, I'm not a fan of the name.
>> >
>> >and finally, I want to take some time to think about this before we
>> >take it. (other feedback is welcome)
>>
>> I agree with most of the points timeless brings up, but my suggestion on the
>> way forward would be to make this config be a umask, and call it
>> "blackbox.umask" and have it set to 007 by default (though I'm not strongly
>> wed to any particular default).
>
> A thought: shouldn't we do something similar with ACLs on Windows
> machines, where this won't be a umask?
>
>>
>> In my opinion, this is much more clear and much more flexible, plus it's
>> shorter too. Yay!
>> _______________________________________________
>> Mercurial-devel mailing list
>> Mercurial-devel at mercurial-scm.org
>> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel


More information about the Mercurial-devel mailing list