Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Permissions trouble

Михаил Суворов
Михаил Суворов November 1, 2018

Hello. We are using Bamboo in docker container (created by our team Dockerfile and docker-compose.yaml) and every time upgrade version wasn't create a trouble, but at that time. We upgrade Bamboo from 6.6.3 to 6.7.1 and now when task "source code checkout" started, it broke file permissions: owner and group don't change, but permissions for other is fully lost (i.e. rwxr-xr-x -> rwxr-x---). What happens? What should I do?

drwxr-x---  9 root root 4096 Nov  1 15:46 ./

drwxr-xr-x 60 root root 4096 Nov  1 15:46 ../

drwxr-x---  8 root root 4096 Nov  1 15:46 .git/

-rw-r-----  1 root root  134 Nov  1 15:46 .gitignore

-rw-r-----  1 root root  154 Nov  1 15:46 Dockerfile

drwxr-x--- 12 root root 4096 Nov  1 15:46 app/

Answer
Watch
Like # people like this
3366 views

2 answers

1 accepted

7 votes
Answer accepted
Chris Berry
Chris Berry
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 7, 2018

Hi Михаил,

 

Bamboo 6.7.1 ships with a new version of Tomcat. The <Bamboo-install>/bin/catalina.sh script now sets the default umask to 027. This will mean that any file created by the Bamboo JVM and any of its child processes will apply that umask and strip the other permissions.

The workaround would be to set the UMASK=022 environment variable before starting Bamboo.

We will confirm with the developers and workout a longer term solution and/or document this behaviour change.

Although, having a umask of 027 if better from a security perspective, it is a change in behaviour.

thanks

Chris

View More Comments
Михаил Суворов
Михаил Суворов November 7, 2018

Wow, fantastic! I was look up at many paths, but nowhere had seen umask=027. Thank you!

In my case, Bamboo run in container from 'root' and in some jobs it's create artifacts for non-root user, so I must have umask 022 instead 027.

Like
Joris van Eijden
Joris van Eijden
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 23, 2018

Having this in the release notes somewhere would have saved me a lot of time.

Took me half a day to find this. Super happy it's fixed now though :)

Like
Cory Galloway
Cory Galloway May 14, 2019

Yes, can someone point me to the Release Notes with this change?  It caused some of our deploys to fail as the user deploying no longer had read on the checked-out repo.

Like Chris Bellar likes this
Reply
0 votes
Chris Berry
Chris Berry
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 1, 2018

Hi Михаил

Has there been any changes to the agent system that runs this job?

Docker will inherit the system umask setting. If the system umask is set to 07

then you will see the behaviour you describe.

thanks

Chris

Atlassian support-Bamboo

View More Comments
Михаил Суворов
Михаил Суворов November 2, 2018

Properties of agents are not changes. I just create new docker image with 6.7.1 instead 6.6.3 and run it. Without change any settings of Bamboo.

Nowhere in profile and other files has umask settings. I downgrade to 6.6.3 and it's work fine. Home directory (/home/bamboo) is mounting into container, but in 6.7.1 Bamboo had trouble with permissions. What else may be wrong?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events