Remove most usage of SharedFile permission

Sami Hiltunen requested to merge smh-shared-file-perm into master

Gitaly is using SharedFile in many places where PrivateWriteOnceFile would suffice. In production code, we're using it in a few locations:

  • streamcache for the cached file. They're never written to after creation, so no need to grant Gitaly the write bit. This is an internal cache, so no need to grant others permission to read the files.
  • ServerInfo RPC uses it to write out a file to test whether Gitaly has permissions to write into the storage and removes it afterwards. No need for anyone to read the file nor for Gitaly to write into it again.
  • ReplicateRepository RPC uses it for git config. The config file should not be written into after creating it as this would break snapshot isolation with transactions. A new file should be created and the old file replaced with it. Gitaly's storage should not be read by others than Gitaly. The repositories are not guaranteed to be in a consistent state if there is a WAL entry application in progress.

In addition, SharedFile is used for log files that are readable by users other than Gitaly's user. This use case is left in place for now until we soon have an alternative available which we'll replace the permission with.

Replace all the usage of SharedFile in production code with PrivateWriteOnceFile, other than the usage with log files, and remove all usage in tests.

Related to #6206
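
The write-once pattern described above for the git config (create a new file, then replace the old one, never write in place), as an added example that is not part of the merge request or Gitaly's code. The function name `replaceWriteOnce`, the `.new` temp suffix, and the mode value `0o400` standing in for PrivateWriteOnceFile are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Assumed value for a write-once private mode: owner read-only, nothing for others.
const privateWriteOnceFile os.FileMode = 0o400

// replaceWriteOnce never reopens path for writing. It writes data to a fresh
// owner-read-only file in the same directory and renames it over path.
func replaceWriteOnce(path string, data []byte) (err error) {
	tmp := path + ".new" // hypothetical temp-name scheme for this sketch
	// O_EXCL refuses to reuse an existing file. The mode only restricts later
	// opens, so the descriptor returned here can still write the content once.
	f, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, privateWriteOnceFile)
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // on any failure, leave no partial file behind
			f.Close()
			os.Remove(tmp)
		}
	}()
	if _, err = f.Write(data); err != nil {
		return err
	}
	if err = f.Sync(); err != nil {
		return err
	}
	if err = f.Close(); err != nil {
		return err
	}
	// rename is atomic within one filesystem: readers see the old or the new file.
	return os.Rename(tmp, path)
}

func main() {
	dir, _ := os.MkdirTemp("", "demo")
	defer os.RemoveAll(dir)
	cfg := filepath.Join(dir, "config") // constructed sample path
	if err := replaceWriteOnce(cfg, []byte("[core]\n\tbare = true\n")); err != nil {
		panic(err)
	}
	st, _ := os.Stat(cfg)
	fmt.Println(st.Mode().Perm())
}
```
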
