From aecbbfc8ecf06e014a4c39385fe419437bf9e7d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Ducceschi?= <remi.ducceschi@gmail.com>
Date: Wed, 9 Aug 2017 15:34:16 +0200
Subject: [PATCH 1/2] Pipeline local filesystem: x permission on folders

- add the "execute" permission on folders so users can see what is inside.
---
 storage_service/locations/models/space.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/storage_service/locations/models/space.py b/storage_service/locations/models/space.py
index b25873da2..8abdd7d4f 100644
--- a/storage_service/locations/models/space.py
+++ b/storage_service/locations/models/space.py
@@ -445,7 +445,7 @@ def move_rsync(self, source, destination, try_mv_local=False):
 
         # Rsync file over
         # TODO Do this asyncronously, with restarting failed attempts
-        command = ['rsync', '-t', '-O', '--protect-args', '-vv', '--chmod=ugo+rw', '-r', source, destination]
+        command = ['rsync', '-t', '-O', '--protect-args', '-vv', '--chmod=ugo+rw,Da+x', '--perms', '-r', source, destination]
         LOGGER.info("rsync command: %s", command)
 
         p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
@@ -513,7 +513,7 @@ def create_rsync_directory(self, destination_path, user, host):
         for directory in directories:
             path = os.path.join(os.path.dirname(directory), '')
             path = "{}@{}:{}".format(user, host, utils.coerce_str(path))
-            cmd = ['rsync', '-vv', '--protect-args', '--chmod=ugo+rw', '--recursive', temp_dir, path]
+            cmd = ['rsync', '-vv', '--protect-args', '--chmod=ugo+rwx', '--recursive', temp_dir, path]
             LOGGER.info("rsync path creation command: %s", cmd)
             try:
                 subprocess.check_call(cmd)

From 1d7c6bb767d8f508b58f40a10ab9e3427ed3e51f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Ducceschi?= <remi.ducceschi@gmail.com>
Date: Wed, 23 Aug 2017 10:12:24 +0200
Subject: [PATCH 2/2] restrictive permission for other users

---
 storage_service/locations/models/space.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/storage_service/locations/models/space.py b/storage_service/locations/models/space.py
index 8abdd7d4f..7c158d5a1 100644
--- a/storage_service/locations/models/space.py
+++ b/storage_service/locations/models/space.py
@@ -445,7 +445,7 @@ def move_rsync(self, source, destination, try_mv_local=False):
 
         # Rsync file over
         # TODO Do this asyncronously, with restarting failed attempts
-        command = ['rsync', '-t', '-O', '--protect-args', '-vv', '--chmod=ugo+rw,Da+x', '--perms', '-r', source, destination]
+        command = ['rsync', '-t', '-O', '--protect-args', '-vv', '--chmod=F660,D770', '-r', source, destination]
         LOGGER.info("rsync command: %s", command)
 
         p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
@@ -513,7 +513,7 @@ def create_rsync_directory(self, destination_path, user, host):
         for directory in directories:
             path = os.path.join(os.path.dirname(directory), '')
             path = "{}@{}:{}".format(user, host, utils.coerce_str(path))
-            cmd = ['rsync', '-vv', '--protect-args', '--chmod=ugo+rwx', '--recursive', temp_dir, path]
+            cmd = ['rsync', '-vv', '--protect-args', '--chmod=ug=rwx,o=rx', '--recursive', temp_dir, path]
             LOGGER.info("rsync path creation command: %s", cmd)
             try:
                 subprocess.check_call(cmd)