Description
When using EasyBuild to create a shared repository of software, we came across a problem with permissions set on the installed software dirs and files. Everything else, including modules, eb files, even downloaded sources matched the permissions set via EasyBuild's options. However, the actual software installs had missing permissions for 'other': they lacked read access, and executable bits (wherever applicable).
What follows is a sample session. You may notice that we start with a umask that is restrictive, but we change it to match the one set in EasyBuild's options. Umask 002 is set via /etc/profile.local; however, to rule out that being the culprit, we removed it. The problem persisted.
```
~> umask
0027
```
- here we load a module that sets all of our EASYBUILD* env variables
```
~> module load site/shadowfax/easybuild/hpcadmin
~> newgrp hpcadmin
~> umask 002
~> module load EasyBuild
~> umask
0002
~> env | egrep 'EASYBUILD_SET_GID_BIT|EASYBUILD_STICKY_BIT|EASYBUILD_UMASK|EASYBUILD_GROUP'
EASYBUILD_STICKY_BIT=1
EASYBUILD_SET_GID_BIT=1
EASYBUILD_UMASK=002
EASYBUILD_GROUP=hpcadmin
# install any sample software
~> eb the_silver_searcher-0.30.0-goolf-1.4.10.eb --robot --force
[...]
# verify permissions on the resulting modules. they are OK.
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_MODULES/all/the_silver_searcher/
drwxrwsr-t 3775 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_MODULES/all/the_silver_searcher/0.30.0-goolf-1.4.10
-rw-rw-r-- 664 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/
drwxrwsr-t 3775 dom hpcadmin
# verify resulting files and dirs in the easybuild_repo destination. they're OK.
~> stat -c '%A %a %U %G' $EASYBUILD_REPOSITORYPATH/the_silver_searcher
drwxrwsr-t 3775 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_REPOSITORYPATH/the_silver_searcher/the_silver_searcher-0.30.0-goolf-1.4.10.eb
-rw-rw-r-- 664 dom hpcadmin
```
- Problems appear when we look at the installed software:
```
# correct
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher
drwxrwsr-t 3775 dom hpcadmin
# and incorrect further down
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10
drwxr-s--T 3750 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10/bin
drwxr-s--- 2750 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10/easybuild
drwxr-s--T 3750 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10/bin/ag
-rwxr-x--- 750 dom hpcadmin
```
Using --group-writable-installdir results in expected addition of group writeable permission, but it still doesn't match the umask nor give others read/exec permissions:
```
~> eb the_silver_searcher-0.30.0-goolf-1.4.10.eb --robot --force --debug --group-writable-installdir
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher
drwxrwsr-t 3775 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10/bin
drwxrws--- 2770 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10
drwxrws--T 3770 dom hpcadmin
~> stat -c '%A %a %U %G' $EASYBUILD_INSTALLPATH_SOFTWARE/the_silver_searcher/0.30.0-goolf-1.4.10/bin/ag
-rwxrwx--- 770 dom hpcadmin
```
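
Added example, not part of the original report and not EasyBuild code: a shell function that automates the manual `stat` checks above by walking an install prefix and listing every entry whose mode is missing bits the configured umask would permit. The function name `audit_install_perms` and the rule used (directories and executables should be at least `777 & ~umask`, other regular files `666 & ~umask`) are assumptions of this example, as is the availability of GNU `stat`.

```shell
#!/bin/sh
# Added example: report entries under an install prefix whose permission bits
# fall short of what the intended umask allows (extra bits are not flagged).
# Assumes GNU stat, as used in the session above; paths containing newlines
# are not handled.
# Usage: audit_install_perms <install_dir> <umask>    e.g. umask 002
audit_install_perms() (
    root=$1
    mask=$((0$2))                        # leading 0 makes the value octal
    find "$root" \( -type d -o -type f \) -exec stat -c '%a %n' {} + |
    while read -r mode path; do
        perms=$(( 0$mode & 0777 ))       # ignore setuid/setgid/sticky bits
        if [ -d "$path" ] || [ $(( perms & 0100 )) -ne 0 ]; then
            want=$(( 0777 & ~$mask ))    # directories and executables
        else
            want=$(( 0666 & ~$mask ))    # other regular files
        fi
        # Flag the entry only when an expected bit is absent.
        if [ $(( perms & want )) -ne "$want" ]; then
            printf '%s mode=%s expected-at-least=%o\n' "$path" "$mode" "$want"
        fi
    done
)
```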