RStudio Server ACL bug(feature?)

Dear Community,

recently, we set up an RStudio Server (Open Source version) to test if this would allow our analysts to work together more efficiently. While that appears to be true (and we're very happy so far), we've encountered unexpected behavior regarding file uploads and permissions/ACL.

Analysts share a development directory for collaboration, but files created via RStudio Server's upload feature do not have default ACLs as expected, 644 is set instead. All umasks are ignored.

Example: Directory shared_development

getfacl .
# file: .
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx
  1. Create file with touch
touch test123
getfacl test123
# file: test123
# owner: testuser
# group: testuser
user::rw-
group::rwx                      #effective:rw-
mask::rw-
other::rw-
  1. Upload file test456
getfacl test456
# file: test456
# owner: testuser
# group: testuser
user::rw-
group::r--
other::r--

Where is our misconception?
How do we get the RStudio Desktop Server to use the ACL's of the directory shared_development?

  • Any changes to umask of testuser had no effect.
  • Changing umask mode of rstudio-server Daemon had no effect.
  • Option server-set-umask in rserver.conf had no effect.

If memory serves, RStudio Server's upload feature first uploads to /tmp and then moves the uploaded content into its final destination. That could explain what you're seeing?

Getting this to work with RStudio Server Open Source will be difficult since it doesn't have any awareness of other users' sessions and isn't designed to be pointed at a shared folder like this. You might consider Posit Workbench which has a Project Sharing feature that does almost exactly what you're doing here but manages all the ACLs for you.

https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/project_sharing.html

Hi Jonathan,

thanks for your quick response. I see, when files are moved from /tmp then mv is used, and mv doesn't use the ACLs. Ok ... so, just in theory, if I wanted to circumvent that, I have to find the line in RStudios java code (where this behavior is programmed) and change it from mv to, let's say, cp?

And in the long run you're right: the easiest and most robust way to use RStudio with multiple people would be to purchase Posit Workbench. So far, my employer isn't that enthusiastic about R and against its use. With the open source approach, I want to strengthen my analysts on the one hand (without submitting a procurement application) and on the other hand convince my employer of the usefulness of using Rstudio.

Thanks and take care
Liz

If you're willing to modify the source, you can make it do whatever you like! Here's the exact point in the source where this behavior is implemented:

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.