Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Permissions trouble Edited

Hello. We are using Bamboo in docker container (created by our team Dockerfile and docker-compose.yaml) and every time upgrade version wasn't create a trouble, but at that time. We upgrade Bamboo from 6.6.3 to 6.7.1 and now when task "source code checkout" started, it broke file permissions: owner and group don't change, but permissions for other is fully lost (i.e. rwxr-xr-x -> rwxr-x---). What happens? What should I do?

drwxr-x---  9 root root 4096 Nov  1 15:46 ./

drwxr-xr-x 60 root root 4096 Nov  1 15:46 ../

drwxr-x---  8 root root 4096 Nov  1 15:46 .git/

-rw-r-----  1 root root  134 Nov  1 15:46 .gitignore

-rw-r-----  1 root root  154 Nov  1 15:46 Dockerfile

drwxr-x--- 12 root root 4096 Nov  1 15:46 app/

2 answers

1 accepted

6 votes
Answer accepted
Chris Berry Atlassian Team Nov 07, 2018

Hi Михаил,

 

Bamboo 6.7.1 ships with a new version of Tomcat. The <Bamboo-install>/bin/catalina.sh script now sets the default umask to 027. This will mean that any file created by the Bamboo JVM and any of its child processes will apply that umask and strip the other permissions.

The workaround would be to set the UMASK=022 environment variable before starting Bamboo.

We will confirm with the developers and workout a longer term solution and/or document this behaviour change.

Although, having a umask of 027 if better from a security perspective, it is a change in behaviour.

thanks

Chris

Wow, fantastic! I was look up at many paths, but nowhere had seen umask=027. Thank you!

In my case, Bamboo run in container from 'root' and in some jobs it's create artifacts for non-root user, so I must have umask 022 instead 027.

Having this in the release notes somewhere would have saved me a lot of time.

Took me half a day to find this. Super happy it's fixed now though :)

Yes, can someone point me to the Release Notes with this change?  It caused some of our deploys to fail as the user deploying no longer had read on the checked-out repo.

Like Chris Bellar likes this
0 votes
Chris Berry Atlassian Team Nov 01, 2018

Hi Михаил

Has there been any changes to the agent system that runs this job?

Docker will inherit the system umask setting. If the system umask is set to 07

then you will see the behaviour you describe.

thanks

Chris

Atlassian support-Bamboo

Properties of agents are not changes. I just create new docker image with 6.7.1 instead 6.6.3 and run it. Without change any settings of Bamboo.

Nowhere in profile and other files has umask settings. I downgrade to 6.6.3 and it's work fine. Home directory (/home/bamboo) is mounting into container, but in 6.7.1 Bamboo had trouble with permissions. What else may be wrong?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.1 is here and is packed with value!

I'm happy to announce that Bamboo 7.1 has been released and it’s overflowing with awesome new features. Top-voted issues First and foremost, a bunch of JAC top voted issues has been delivered - y...

638 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you