Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,366,266
Community Members
 
Community Events
168
Community Groups

Permissions trouble

Edited

Hello. We are using Bamboo in docker container (created by our team Dockerfile and docker-compose.yaml) and every time upgrade version wasn't create a trouble, but at that time. We upgrade Bamboo from 6.6.3 to 6.7.1 and now when task "source code checkout" started, it broke file permissions: owner and group don't change, but permissions for other is fully lost (i.e. rwxr-xr-x -> rwxr-x---). What happens? What should I do?

drwxr-x---  9 root root 4096 Nov  1 15:46 ./

drwxr-xr-x 60 root root 4096 Nov  1 15:46 ../

drwxr-x---  8 root root 4096 Nov  1 15:46 .git/

-rw-r-----  1 root root  134 Nov  1 15:46 .gitignore

-rw-r-----  1 root root  154 Nov  1 15:46 Dockerfile

drwxr-x--- 12 root root 4096 Nov  1 15:46 app/

2 answers

1 accepted

7 votes
Answer accepted
Chris Berry Atlassian Team Nov 07, 2018

Hi Михаил,

 

Bamboo 6.7.1 ships with a new version of Tomcat. The <Bamboo-install>/bin/catalina.sh script now sets the default umask to 027. This will mean that any file created by the Bamboo JVM and any of its child processes will apply that umask and strip the other permissions.

The workaround would be to set the UMASK=022 environment variable before starting Bamboo.

We will confirm with the developers and workout a longer term solution and/or document this behaviour change.

Although, having a umask of 027 if better from a security perspective, it is a change in behaviour.

thanks

Chris

Wow, fantastic! I was look up at many paths, but nowhere had seen umask=027. Thank you!

In my case, Bamboo run in container from 'root' and in some jobs it's create artifacts for non-root user, so I must have umask 022 instead 027.

Having this in the release notes somewhere would have saved me a lot of time.

Took me half a day to find this. Super happy it's fixed now though :)

Yes, can someone point me to the Release Notes with this change?  It caused some of our deploys to fail as the user deploying no longer had read on the checked-out repo.

Like Chris Bellar likes this
0 votes
Chris Berry Atlassian Team Nov 01, 2018

Hi Михаил

Has there been any changes to the agent system that runs this job?

Docker will inherit the system umask setting. If the system umask is set to 07

then you will see the behaviour you describe.

thanks

Chris

Atlassian support-Bamboo

Properties of agents are not changes. I just create new docker image with 6.7.1 instead 6.6.3 and run it. Without change any settings of Bamboo.

Nowhere in profile and other files has umask settings. I downgrade to 6.6.3 and it's work fine. Home directory (/home/bamboo) is mounting into container, but in 6.7.1 Bamboo had trouble with permissions. What else may be wrong?

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events