Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add util for checking installation permissions #652

Merged
merged 4 commits into from
Jun 28, 2023
Merged

Add util for checking installation permissions #652

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3358de3
Add utility to check install dir permissions
AlexanderRichert-NOAA Jun 27, 2023
048809f
Merge remote-tracking branch 'jcsda/develop' into perm_check_util
AlexanderRichert-NOAA Jun 27, 2023
b71cab4
Add doco for check_permissions.sh
AlexanderRichert-NOAA Jun 27, 2023
ee05eca
Merge branch 'develop' into perm_check_util
AlexanderRichert-NOAA Jun 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions doc/source/PreConfiguredSites.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -757,6 +757,9 @@ The following instructions install a new spack environment on a pre-configured s
# Create meta-modules for compiler, mpi, python
spack stack setup-meta-modules

# Check permissions for systems where non-owning users/groups need access
${SPACK_STACK_DIR}/util/check_permissions.sh

.. note::
You may want to capture the output from :code:`spack concretize` and :code:`spack install` comands in log files.
For example:
Expand Down
8 changes: 8 additions & 0 deletions doc/source/Utilities.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,14 @@ The utility located at util/show_duplicate_packages.py parses the output of ``sp

The ``-d`` option shows only a list of the duplicates, as opposed to the default behavior, which is to show a print-out of all packages with colorized duplicates. In any case, the identification of any duplicates will yield a return code of 1. The ``-i`` option can be invoked multiple times to skip specific package names.

.. _Permissions_Checker:

------------------------------
check_permissions.sh
------------------------------

The utility located at util/check_permissions.sh can be run inside any spack-stack environment directory intended for multiple users (i.e., on an HPC or cloud platform). It will return errors if the environment directory is inaccessible to non-owning users and groups (i.e., if o+rx not set), as well as if any directories or files have permissions that make them inaccessible to other users.

.. _Acorn_Utilities:

------------------------------
Expand Down
30 changes: 30 additions & 0 deletions util/check_permissions.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/bash
# Run this utility inside a spack-stack environment directory to ensure that
# permissions are set such that non-owning users/groups can use the
# installation.

path=$PWD

# Check upstream hierarchy of current directory
while [ $path != '/' ]; do
o_perms=$(stat $path --format="%A" | grep -o "...$")
if [ ${o_perms:0:1} != 'r' ]; then
echo "Path $path is not readable by non-owners; set o+r" 1>&2
iret=1
fi
if [ ${o_perms:2:3} != 'x' ]; then
echo "Path $path is not accessible by non-owners; set o+x" 1&>2
iret=1
fi
path=$(dirname $path)
done

# Check downstream hierarchy of current directory
n_bad_perms=$(find \( -type d -a -not -perm -005 \) -o \( -type f -a -not -perm -004 \) | wc -l)
if [ $n_bad_perms -gt 0 ]; then
echo "There are files under this hierarchy not accessible to non-owning users/groups."
echo "Use 'find \( -type d -a -not -perm -005 \) -o \( -type f -a -not -perm -004 \)' to identify them."
iret=1
fi

exit $iret