Merge pull request #2989 from MichaelEischer/remove-local-chmod

local: mark repository files as read-only and handle chmod errors
MichaelEischer 2020-10-08 19:04:13 +02:00 committed by GitHub
commit 4a424af1d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 5 deletions


@ -0,0 +1,15 @@
Bugfix: Mark repository files as read-only when using the local backend
Files stored in a local repository were marked as writeable on the
filesystem for non-Windows systems, which did not prevent accidental file
modifications outside of restic. In addition, the local backend did not work
with certain filesystems and network mounts which do not permit modifications
of file permissions.
restic now marks files stored in a local repository as read-only on the
filesystem on non-Windows systems. The error handling is improved to support
more filesystems.
https://github.com/restic/restic/issues/1756
https://github.com/restic/restic/issues/2157
https://github.com/restic/restic/pull/2989


@ -130,7 +130,15 @@ func (b *Local) Save(ctx context.Context, h restic.Handle, rd restic.RewindReade
return errors.Wrap(err, "Close") return errors.Wrap(err, "Close")
} }
return setNewFileMode(filename, backend.Modes.File) // try to mark file as read-only to avoid accidential modifications
// ignore if the operation fails as some filesystems don't allow the chmod call
// e.g. exfat and network file systems with certain mount options
err = setFileReadonly(filename, backend.Modes.File)
if err != nil && !os.IsPermission(err) {
return errors.Wrap(err, "Chmod")
}
return nil
} }
// Load runs fn with a reader that yields the contents of the file at h at the // Load runs fn with a reader that yields the contents of the file at h at the
@ -205,7 +213,7 @@ func (b *Local) Remove(ctx context.Context, h restic.Handle) error {
// reset read-only flag // reset read-only flag
err := fs.Chmod(fn, 0666) err := fs.Chmod(fn, 0666)
if err != nil { if err != nil && !os.IsPermission(err) {
return errors.Wrap(err, "Chmod") return errors.Wrap(err, "Chmod")
} }
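Review bot: In Save, a chmod that fails with a permission error is now dropped with no trace, so on a filesystem that refuses chmod the repository files stay writable and nothing tells the operator that the read-only protection is missing. Record the ignored error before `return nil`, for example `debug.Log("chmod %v failed, file stays writable: %v", filename, err)` if the debug package is imported in this file. `os.IsPermission` also only matches permission-type errors, so a filesystem that rejects chmod with a different errno (ENOTSUP, for instance) would still make Save fail, and the test only works as long as `setFileReadonly` returns the error unwrapped. The same check is added in Remove at `if err != nil && !os.IsPermission(err)`; both function bodies start and end outside the hunks.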


@ -9,6 +9,6 @@ import (
) )
// set file to readonly // set file to readonly
func setNewFileMode(f string, mode os.FileMode) error { func setFileReadonly(f string, mode os.FileMode) error {
return fs.Chmod(f, mode) return fs.Chmod(f, mode&^0222)
} }
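Review bot: The comment above `setFileReadonly` does not say what the new mask does or how far the read-only bit goes as a protection. Suggest `// setFileReadonly chmods f to mode with all write bits (0222) cleared.` followed by `// This only guards against accidental modification: the file owner or root can still change or replace the file.` The `mode` parameter is kept from the old `setNewFileMode`, so it is also worth stating that callers pass the regular file mode and the function strips the write bits itself.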


@ -7,6 +7,6 @@ import (
// We don't modify read-only on windows, // We don't modify read-only on windows,
// since it will make us unable to delete the file, // since it will make us unable to delete the file,
// and this isn't common practice on this platform. // and this isn't common practice on this platform.
func setNewFileMode(f string, mode os.FileMode) error { func setFileReadonly(f string, mode os.FileMode) error {
return nil return nil
} }