File permissions for cache shared between multiple users #11012

mikapfl opened this issue Apr 6, 2022 · 3 comments · May be fixed by #13070
Labels
S: needs triage (Issues/PRs that need to be triaged); type: feature request (Request for a new feature)

Comments

mikapfl commented Apr 6, 2022

What's the problem this feature will solve?

On a shared Linux system, we want to share pip's cache between multiple users, so packages are not downloaded 50 times when 50 users install the same package.

Currently on unix, when I set the cache directory to a directory which is readable and writable by a group and has the setgid bit set, the cache folders are created with permissions suitable for group-use when I set a correct umask (so, with umask 0002, I get permissions drwxrwsr-x on the http folder and its subfolders). However, all cache files are only readable and writable by the user who downloaded the file in question last. So, if the same user installs the same package multiple times, everything is nicely cached, but if another user installs the same package, it is not cached.

As far as I understand, this happens because adjacent_tmp_file uses NamedTemporaryFile which has file mode 0o600 hard coded for security reasons, irrespective of the umask.

Describe the solution you'd like

Ideally, a config option would be added which uses settings suitable for shared caches, something like cache-shared=True or cache-shared-group=my-shared-group-name or so.

Alternative Solutions

We could probably run a chmod periodically or something like this, but if it doesn't happen within pip itself, there will always be a delay between when the cache is created and when the cache is available for all users.

Additional context

If the feature was generally welcome, I could also develop a pull request.


mikapfl added the "S: needs triage" and "type: feature request" labels Apr 6, 2022
Member

uranusjr commented Apr 6, 2022

Or I guess once the file is committed (i.e. no longer temporary) its permission could be changed to match the cache directory. Not sure if that is a reasonable approach security-wise.
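
An added example, not part of the thread and not pip's code: it shows that NamedTemporaryFile yields mode 0o600 whatever the umask, and one way to give the committed file the cache directory's read/write bits without ever copying execute, setgid or world-write. The helper name write_shared_cache_file and the 0o664 cap are assumptions made here, and a POSIX system is assumed.

```python
import os
import stat
import tempfile

# Bits a cache file may inherit from its directory: read/write for user and
# group, read for others. Execute, setuid/setgid, sticky and world-write are
# never copied onto a file. (The cap is an assumption of this example.)
INHERITABLE = 0o664


def write_shared_cache_file(path, data):
    """Atomically write `data` to `path`; return (temp_mode, final_mode).

    Hypothetical helper for illustration, not pip's implementation.
    """
    directory = os.path.dirname(path) or "."
    dir_mode = stat.S_IMODE(os.stat(directory).st_mode)
    # NamedTemporaryFile creates the file through mkstemp(), i.e. with mode
    # 0o600, whatever the process umask is.
    with tempfile.NamedTemporaryFile(dir=directory, suffix=".tmp", delete=False) as tmp:
        try:
            tmp.write(data)
            tmp.flush()
            temp_mode = stat.S_IMODE(os.fstat(tmp.fileno()).st_mode)
            # Widen on the open descriptor, before the rename: no second path
            # lookup, and the file never appears under its final name with
            # the narrower mode. The owner always keeps read/write.
            os.fchmod(tmp.fileno(), (dir_mode & INHERITABLE) | 0o600)
        except BaseException:
            os.unlink(tmp.name)
            raise
    os.replace(tmp.name, path)
    return temp_mode, stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    os.umask(0o002)
    # Constructed stand-in for a group-shared cache directory.
    with tempfile.TemporaryDirectory() as cache:
        os.chmod(cache, 0o775)
        modes = write_shared_cache_file(os.path.join(cache, "entry"), b"wheel bytes")
        print([oct(m) for m in modes])
```

With a private cache directory (mode 0o700) the same helper leaves the file at 0o600, so single-user behaviour is unchanged.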


numas commented Jan 15, 2023

Would love to see this implemented. Was initially happy to find the PIP_CACHE_DIR / PIP_DOWNLOAD_CACHE env vars while setting up a multi-user server for a university department, only to see that packages are downloaded again every time for each user. The shared folder has ACL set up but it is ignored by pip. I hope a solution can be made for a shared cache, as this use case (multi-user setup) is widespread and not having it is rather wasteful in both bandwidth and disk space.

@uranusjr
Member

Pull requests are always welcomed.
