RStudio Server ACL bug(feature?)

whitezebra · April 25, 2023, 12:28pm

Dear Community,

recently, we set up an RStudio Server (Open Source version) to test if this would allow our analysts to work together more efficiently. While that appears to be true (and we're very happy so far), we've encountered unexpected behavior regarding file uploads and permissions/ACL.

Analysts share a development directory for collaboration, but files created via RStudio Server's upload feature do not have default ACLs as expected, 644 is set instead. All umasks are ignored.

Example: Directory shared_development

getfacl .
# file: .
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx

Create file with touch

touch test123
getfacl test123
# file: test123
# owner: testuser
# group: testuser
user::rw-
group::rwx                      #effective:rw-
mask::rw-
other::rw-

Upload file test456

getfacl test456
# file: test456
# owner: testuser
# group: testuser
user::rw-
group::r--
other::r--

Where is our misconception?
How do we get the RStudio Desktop Server to use the ACL's of the directory shared_development?

Any changes to umask of testuser had no effect.
Changing umask mode of rstudio-server Daemon had no effect.
Option server-set-umask in rserver.conf had no effect.

jonathan · April 26, 2023, 10:30pm

If memory serves, RStudio Server's upload feature first uploads to /tmp and then moves the uploaded content into its final destination. That could explain what you're seeing?

Getting this to work with RStudio Server Open Source will be difficult since it doesn't have any awareness of other users' sessions and isn't designed to be pointed at a shared folder like this. You might consider Posit Workbench which has a Project Sharing feature that does almost exactly what you're doing here but manages all the ACLs for you.

https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/project_sharing.html

whitezebra · April 27, 2023, 2:32pm

Hi Jonathan,

thanks for your quick response. I see, when files are moved from /tmp then mv is used, and mv doesn't use the ACLs. Ok ... so, just in theory, if I wanted to circumvent that, I have to find the line in RStudios java code (where this behavior is programmed) and change it from mv to, let's say, cp?

And in the long run you're right: the easiest and most robust way to use RStudio with multiple people would be to purchase Posit Workbench. So far, my employer isn't that enthusiastic about R and against its use. With the open source approach, I want to strengthen my analysts on the one hand (without submitting a procurement application) and on the other hand convince my employer of the usefulness of using Rstudio.

Thanks and take care
Liz

jonathan · April 27, 2023, 10:27pm

If you're willing to modify the source, you can make it do whatever you like! Here's the exact point in the source where this behavior is implemented:

github.com

rstudio/rstudio/blob/main/src/cpp/session/modules/SessionFiles.cpp#L681-L692


      
          // calculate target path
          FilePath targetPath = targetDirectoryPath.completeChildPath(filename);
          
          
// move the source to the destination, falling back to a copy
          // if the move cannot be completed
          Error copyError = uploadedTempFilePath.move(targetPath, FilePath::MoveCrossDevice, true);
          if (copyError)
             return copyError;
          
          
// update permissions (handles case where an uploaded file does not inherit shared project
          // permissions correctly in RStudio Workbench)
          module_context::events().onPermissionsChanged(targetPath);

system · May 4, 2023, 10:27pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.