Re: [Jailkit-dev] more jk_jailuser bugs
From: Stephen Tallowitz
Subject: Re: [Jailkit-dev] more jk_jailuser bugs
Date: Mon, 14 Nov 2005 23:20:45 +0100
Hello Oli,
> jk_jailuser now adds secondary groups as well, and I've tried to work
> around the permission problem. shutil.copy() should work better because
> the docs say: "Permission bits are copied.".
>
> I try os.rename first, and if that fails I try shutil.copy()
>
> can you test?
Secondary groups work fine, nice refactoring in source code ;-)
Moving still doesn't work as expected. After studying the shutil.py source code
even more today, I've come to a bleak conclusion: there is not one single
method in that class that provides cross-device copying while preserving
ownership. There are several issues (some analysis):
- shutil.copy caters for access bits (meaning rwx, setuid, setgid, etc.)
- shutil.copy2 also copies atimes and mtimes of the files.
- the ideal method you're looking for (also preserve ownership) simply doesn't
  exist in that library. (maybe copy3 could be implemented by the python
  developers?)
- shutil.move more or less already does what you intended: try os.rename and if
  that fails revert to copying.
- shutil.move uses shutil.copytree if the source is a directory and
  shutil.copy2 if the source is a file
- shutil.copytree has several problems:
  - first it creates the destination directory by using os.mkdir - probably as
    the owner running the python program, which in the case of jk_jailuser is
    totally undesirable.
  - then it copies files within the directory using shutil.copy2, which as
    mentioned before doesn't preserve ownership
  - and if shutil.copytree finds any directories within the sourcetree (not
    only files) it does a recursive call to itself, reproducing the problem
    throughout the whole directory tree (at least the behaviour is consistent).
My conclusion - there are three possibilities:
- Try os.rename and warn the user if it fails, telling the user that
  cross-device moving is not possible. Maybe along with the notice telling the
  user to move using 'mv source JAILDIR/home'. I've tested GNU mv from
  fileutils-4.0 on gentoo and it does preserve all information when moving across
  devices. I suppose BSDs do the same thing?
- Using some sort of exec() call from within python to call 'mv source
  JAILDIR/home' (probably quite dangerous).
- Implementing move() in jailkit - more time-consuming and will probably need
  some investigation into other python library functions. Of course many ideas of
  the shutil library could be used to ease the process of implementing such a
  method.
Personally, I'd opt for the first possibility. I wouldn't need loads of moving
around anyway. I don't know about requirements of other jailkit users, though.
This would leave the path open, if the python devs fix the shutil library (they
do mention in the source that improvements will have to be made). It also
depends on how soon you want to release the next version of jailkit, of course.
Cheers,
Stephen