Allow stateDir that is based on $HOME #1092
carlocab added a commit to carlocab/watchman that referenced this issue Aug 2, 2024
The reasoning for this is already outlined well in facebook#1092. This would be useful for us in Homebrew, and would probably limit the number of bug reports you get from Homebrew users that get tripped up by our hard-coded `WATCHMAN_STATE_DIR`. (See, e.g., facebook#963.) It should also reduce the number of users who end up with `brew` building Watchman from source because they're using a non-default prefix (e.g. facebook#1132). Closes facebook#1092.
carlocab added a commit to carlocab/watchman that referenced this issue Aug 2, 2024
The reasoning for this is already outlined well in facebook#1092. This would be useful for us in Homebrew, and would probably limit the number of bug reports you get from Homebrew users that get tripped up by our hard-coded `WATCHMAN_STATE_DIR`. (See, e.g., facebook#963.) It should also reduce the number of users who end up with `brew` building Watchman from source because they're using a non-default prefix, and hopefully issues from them too (e.g. facebook#1132). Closes facebook#1092.
Currently, Watchman requires a single stateDir that is configured at compile time. Moreover, there is no way (that I have discovered, at least) to change the location of stateDir via any sort of runtime config (like a flag or environment variable).
This makes watchman rather difficult to package - the only secure way that I can see to set up watchman for unprivileged users would be to pre-create a stateDir ahead of time by a privileged user.
There already is a well known, privately-writable-per-user location on most Linux machines: $HOME. As far as I can tell, though, it is impossible to configure watchman to write to a well-known path under $HOME.
All of this makes Watchman difficult to use securely by unprivileged users - either each user must compile their own version of Watchman from scratch, setting `WATCHMAN_STATE_DIR` to a path they control. Or they must use a generic binary that writes to a less secure location (like `/tmp` -- which was removed as a default for security reasons).

Please let me know if I missed something, and there is a way to use watchman both securely and without the aid of a privileged user/package manager.