Drush does not inherit groups correctly.

I just wrote a quick bash program to set up all my permissions on my site. Seems to work well.
My user is onryo and my group is www-data. On an Ubuntu Lucid LAMP.

When I do something like “drush dl” the module ends up with the right owner but the group is not right. The permissions are also only for the user. I have added both myself and drush to the www-data group but no dice.

How do I fix this problem? I want my added modules to inherit onryo:www-data.

All directories:
750 onryo:www-data

All files for drupal
640 onryo:www-data
440 onryo:www-data on setup.php and default.setup.php scripts (manual)

Files under sites (So files really get removed/added off/to the FS when needed)
660 onryo:www-data

I installed drush from src and made an alias in .bashrc. Works fine.

#!/bin/bash

# onryo's permissions script.

### Configure script

# The script will ask you for your user name. Mine, for example, is onryo.
# The script will then ask you for your server group name (SERVERGROUP); often it is www-data,
# but you can find it like this:
# ps aux | grep apache . Or you can "cat /etc/apache2/envvars | grep APACHE_RUN"

# I made sure to enter the paths statically. You mess this one up and you will commit suicide :)
#Full path to drupal root. ie /var/www/domain1/public/ 
drupal_root="/var/www/domain4/public"

#Full Path to the sites folder
sites_folder="/var/www/domain4/public/sites"

##### END configuration

##### begin script. no editing below this is necessary

# enter your user name when asked.
echo "The name of the user ie your USERNAME:"
read -r USERNAME
# enter your server group when asked.
echo "The name of the server group ie your SERVERGROUP:"
read -r SERVERGROUP
echo "Entering drupal root dir"
# Stop if the directory is missing; otherwise chown -R would run in the current directory.
cd "${drupal_root}" || exit 1
chown -R "${USERNAME}:${SERVERGROUP}" .
echo "Changing drupal permissions"
find . -type d -exec chmod u=rwx,g=rx,o= {} \;
find . -type f -exec chmod u=rw,g=r,o= {} \;
echo "Changing site dir permissions"
cd "${sites_folder}" || exit 1
find . -type d -exec chmod ug=rwx,o= {} \;
find . -type f -exec chmod ug=rw,o= {} \;
echo "All done now!"

Comments

Onryo’s picture

Category: task » bug
Priority: Major » Normal
greg.1.anderson’s picture

Category: bug » support
Status: Active » Fixed

Drush by design does nothing about file permissions; to do so would not be cross-platform compatible.

The solution you have shown above is correct; see also man umask. See also the section of man chmod regarding the (s) bit.

Onryo’s picture

The set-gid bit sets the group owner of files/directories that are created.
It does not imply anything about group permissions, which are still governed by your umask.

OK so if I set files with the gid (group) to be inherited, for example like this:
find . -type d -exec chmod -R 2750 \{\} \;
find . -type f -exec chmod -R 2640 \{\} \;

Fine fair enough. The user and the group will be inherited but not the perms.

Sigh... as far as I know (I am from the world of OpenBSD, now on Linux) the only way to get the permissions to also be inherited would be to go into each user account and change the .bashrc by adding umask=0007.

All permissions for the file owner (user)
All permissions for the file owner (user)
No permissions for others

I am probably wrong with "the only way" Mehhh.....there has to be a "normal" way of doing this. Is it possible to use ACL ?

I know this is Linux specific, but today in the webserver business, 60 percent are Linux servers. 90 percent of the high performance computing business is also Linux. In short, a lot of us would find this info useful. Drush is a godsend for us that hate SLOW X-servers. I like my brew cold =)

Like I said how are others normally setting up their servers?

All the best
Onryo

greg.1.anderson’s picture

I usually just fix the permissions afterwards, or run drush as the user that should own the files. I suppose you could make a post-dl hook for drush, and fix the permissions there. See drush.api.php.

Onryo’s picture

That's what I did and it works. drush cc (css js), drush dl module, run my newer script then the one above, drush updb, drush cron. Just that I hook that whole thing into drush.

Thanks Greg
Onryo

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Robert S’s picture

I had this issue (or similar one).
The reason: by default I have
umask 0027
(no permission for users from different group).

This works well for normal work but not for drupal (as then the web-server doesn't see the files).

To explain to drush that I want to use the desired umask 0022
is somewhat tricky. The cleanest solution I found is
to edit file
commands/core/core.drush.inc
in your drush installation, find there a line
function core_cli_bashrc($drush_command) {
and after the line (few lines below this)
$bashrc_data = ... EOD (I'm not writing the less-than signs, as this puzzles the comment system)

you enter
umask 0022

(and whatever other configuration commands you want to run by default).

If there is a cleaner way (using some configuration file instead of modifying the scripts),
I'd be glad to hear about it!
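
The behaviour discussed in this thread, shown as an added example that is not code from any poster or from drush: the set-gid bit on a directory passes on the group (Onryo's comment above), while the umask of the creating process still decides the mode (Robert S's umask change). It assumes Linux with GNU coreutils (`stat -c`); `with_umask` and the other function names are made up for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. touch/mkdir stand in for "drush dl".

# Run one command under a given umask. The parentheses start a subshell,
# so the caller's own umask is left untouched (no .bashrc change needed).
# Hypothetical usage: with_umask 0007 drush dl <project>
with_umask() {
    local mask="$1"; shift
    ( umask "$mask" && "$@" )
}

# Create a file and a subdirectory inside a set-gid directory under the
# given umask; print "<file mode> <subdir mode>" in octal.
modes_under_umask() {
    local mask="$1" root
    root="$(mktemp -d)" || return 1
    chmod 2770 "$root"    # rwxrws---: the s bit on a directory
    with_umask "$mask" touch "$root/module.info"
    with_umask "$mask" mkdir "$root/module"
    printf '%s %s\n' "$(stat -c %a "$root/module.info")" \
                     "$(stat -c %a "$root/module")"
    rm -rf "$root"
}

# Succeeds when a new file in a set-gid directory gets the directory's group.
group_is_inherited() {
    local root rc
    root="$(mktemp -d)" || return 1
    # Use a supplementary group when the user has one, so the directory's
    # group can differ from the primary group the file would get otherwise.
    chgrp "$(id -G | awk '{print $NF}')" "$root"
    chmod 2770 "$root"
    touch "$root/f"
    [ "$(stat -c %g "$root")" = "$(stat -c %g "$root/f")" ]; rc=$?
    rm -rf "$root"
    return "$rc"
}

for mask in 0027 0022 0007; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done
group_is_inherited && echo "group inherited from the set-gid parent"
```

New subdirectories also pick up the set-gid bit from the parent, which is why the directory modes above carry a leading 2.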

greg.1.anderson’s picture

User-modified settings for drush core-cli is a good idea, but would require an enhancement to drush core-cli. A patch would be welcome; if you roll one, please submit it on a new issue.