Implement FR #3107: Add config option to not set file and directory permissions (#3112)

abraunegg · web-flow · commit 0216b63c6186 · 2025-02-13T19:27:14.000+11:00
* Implement configuration option to not set directory and file permissions
diff --git a/docs/application-config-options.md b/docs/application-config-options.md
@@ -19,6 +19,7 @@ Before reading this document, please ensure you are running application version
   - [debug_https](#debug_https)
   - [disable_download_validation](#disable_download_validation)
   - [disable_notifications](#disable_notifications)
+  - [disable_permission_set](#disable_permission_set)
   - [disable_upload_validation](#disable_upload_validation)
   - [display_running_config](#display_running_config)
   - [display_transfer_metrics](#display_transfer_metrics)
@@ -279,6 +280,17 @@ _**Config Example:**_ `disable_notifications = "false"` or `disable_notification
 
 _**CLI Option Use:**_ `--disable-notifications`
 
+### disable_permission_set
+_**Description:**_ This setting controls whether the application will set the permissions on files and directories using the values of 'sync_dir_permissions' and 'sync_file_permissions'. When this option is enabled, file system permission inheritance will be used to assign the permissions for your data. This option may be useful if the file system configured does not allow setting of POSIX permissions.
+
+_**Value Type:**_ Boolean
+
+_**Default Value:**_ False
+
+_**Config Example:**_ `disable_permission_set = "false"` or `disable_permission_set = "true"`
+
+_**CLI Option Use:**_ *None - this is a config file option only*
+
 ### disable_upload_validation
 _**Description:**_ This option determines whether the client will conduct integrity validation on files uploaded to Microsoft OneDrive. Sometimes, when uploading files, particularly to SharePoint, SharePoint will modify your file post upload by adding new data to your file which breaks the integrity checking of the upload performed by this client. Enable this option to disable the integrity checks performed by this client.
 
diff --git a/docs/usage.md b/docs/usage.md
@@ -851,6 +851,9 @@ sync_file_permissions = "600"
 > [!IMPORTANT]
 > Please note that special permission bits such as setuid, setgid, and the sticky bit are not supported. Valid permission values range from `000` to `777` only.
 
+> [!NOTE]
+> To prevent the application from modifying file or directory permissions and instead rely on the existing file system permission inheritance, add `disable_permission_set = "true"` to your configuration file.
+
 ### How are uploads and downloads managed?
 The system manages downloads and uploads using a multi-threaded approach. Specifically, the application utilises by default 8 threads (a maximum of 16 can be configured) for these processes. This thread count is preset and cannot be modified by users. This design ensures efficient handling of data transfers.
 
diff --git a/src/config.d b/src/config.d
@@ -364,6 +364,9 @@ class ApplicationConfig {
 		// - Enable the calculation of transfer metrics (duration,speed) for the transfer of a file
 		boolValues["display_transfer_metrics"] = false;
 		
+		// Diable setting the permissions for directories and files, using the inherited permissions
+		boolValues["disable_permission_set"] = false;
+		
 		// EXPAND USERS HOME DIRECTORY
 		// Determine the users home directory.
 		// Need to avoid using ~ here as expandTilde() below does not interpret correctly when running under init.d or systemd scripts
@@ -1436,6 +1439,7 @@ class ApplicationConfig {
 		addLogEntry("Config option 'resync'                       = " ~ to!string(getValueBool("resync")));
 		addLogEntry("Config option 'resync_auth'                  = " ~ to!string(getValueBool("resync_auth")));
 		addLogEntry("Config option 'cleanup_local_files'          = " ~ to!string(getValueBool("cleanup_local_files")));
+		addLogEntry("Config option 'disable_permission_set'       = " ~ to!string(getValueBool("disable_permission_set")));
 		addLogEntry("Config option 'transfer_order'               = " ~ getValueString("transfer_order"));
 
 		// data integrity
diff --git a/src/onedrive.d b/src/onedrive.d
@@ -780,9 +780,15 @@ class OneDriveApi {
 			try {
 				if (debugLogging) {addLogEntry("Requested local path does not exist, creating directory structure: " ~ newPath, ["debug"]);}
 				mkdirRecurse(newPath);
-				// Configure the applicable permissions for the folder
-				if (debugLogging) {addLogEntry("Setting directory permissions for: " ~ newPath, ["debug"]);}
-				newPath.setAttributes(appConfig.returnRequiredDirectoryPermissions());
+				// Has the user disabled the setting of filesystem permissions?
+				if (!appConfig.getValueBool("disable_permission_set")) {
+					// Configure the applicable permissions for the folder
+					if (debugLogging) {addLogEntry("Setting directory permissions for: " ~ newPath, ["debug"]);}
+					newPath.setAttributes(appConfig.returnRequiredDirectoryPermissions());
+				} else {
+					// Use inherited permissions
+					if (debugLogging) {addLogEntry("Using inherited filesystem permissions for: " ~ newPath, ["debug"]);}
+				}
 			} catch (FileException exception) {
 				// display the error message
 				displayFileSystemErrorMessage(exception.msg, getFunctionName!({}));
@@ -794,9 +800,15 @@ class OneDriveApi {
 		downloadFile(url, saveToPath, fileSize);
 		// Does path exist?
 		if (exists(saveToPath)) {
-			// File was downloaded successfully - configure the applicable permissions for the file
-			if (debugLogging) {addLogEntry("Setting file permissions for: " ~ saveToPath, ["debug"]);}
-			saveToPath.setAttributes(appConfig.returnRequiredFilePermissions());
+			// Has the user disabled the setting of filesystem permissions?
+			if (!appConfig.getValueBool("disable_permission_set")) {
+				// File was downloaded successfully - configure the applicable permissions for the file
+				if (debugLogging) {addLogEntry("Setting file permissions for: " ~ saveToPath, ["debug"]);}
+				saveToPath.setAttributes(appConfig.returnRequiredFilePermissions());
+			} else {
+				// Use inherited permissions
+				if (debugLogging) {addLogEntry("Using inherited filesystem permissions for: " ~ newPath, ["debug"]);}
+			}
 		}
 	}
 	
diff --git a/src/sync.d b/src/sync.d
@@ -2810,9 +2810,15 @@ class SyncEngine {
 					if (debugLogging) {addLogEntry("Requested local path does not exist, creating directory structure: " ~ newItemPath, ["debug"]);}
 					mkdirRecurse(newItemPath);
 					
-					// Configure the applicable permissions for the folder
-					if (debugLogging) {addLogEntry("Setting directory permissions for: " ~ newItemPath, ["debug"]);}
-					newItemPath.setAttributes(appConfig.returnRequiredDirectoryPermissions());
+					// Has the user disabled the setting of filesystem permissions?
+					if (!appConfig.getValueBool("disable_permission_set")) {
+						// Configure the applicable permissions for the folder
+						if (debugLogging) {addLogEntry("Setting directory permissions for: " ~ newItemPath, ["debug"]);}
+						newItemPath.setAttributes(appConfig.returnRequiredDirectoryPermissions());
+					} else {
+						// Use inherited permissions
+						if (debugLogging) {addLogEntry("Using inherited filesystem permissions for: " ~ newItemPath, ["debug"]);}
+					}
 					
 					// Update the time of the folder to match the last modified time as is provided by OneDrive
 					// If there are any files then downloaded into this folder, the last modified time will get 
