Hello. We are using Bamboo in docker container (created by our team Dockerfile and docker-compose.yaml) and every time upgrade version wasn't create a trouble, but at that time. We upgrade Bamboo from 6.6.3 to 6.7.1 and now when task "source code checkout" started, it broke file permissions: owner and group don't change, but permissions for other is fully lost (i.e. rwxr-xr-x -> rwxr-x---). What happens? What should I do?
drwxr-x--- 9 root root 4096 Nov 1 15:46 ./
drwxr-xr-x 60 root root 4096 Nov 1 15:46 ../
drwxr-x--- 8 root root 4096 Nov 1 15:46 .git/
-rw-r----- 1 root root 134 Nov 1 15:46 .gitignore
-rw-r----- 1 root root 154 Nov 1 15:46 Dockerfile
drwxr-x--- 12 root root 4096 Nov 1 15:46 app/
Bamboo 6.7.1 ships with a new version of Tomcat. The <Bamboo-install>/bin/catalina.sh script now sets the default umask to 027. This will mean that any file created by the Bamboo JVM and any of its child processes will apply that umask and strip the other permissions.
The workaround would be to set the UMASK=022 environment variable before starting Bamboo.
We will confirm with the developers and workout a longer term solution and/or document this behaviour change.
Although, having a umask of 027 if better from a security perspective, it is a change in behaviour.
Properties of agents are not changes. I just create new docker image with 6.7.1 instead 6.6.3 and run it. Without change any settings of Bamboo.
Nowhere in profile and other files has umask settings. I downgrade to 6.6.3 and it's work fine. Home directory (/home/bamboo) is mounting into container, but in 6.7.1 Bamboo had trouble with permissions. What else may be wrong?