Details
-
Suggestion
-
Resolution: Answered
-
None
-
0
-
5
-
Description
There is a widespread Linux security practice to set the /tmp directory with "noexec" set. Because Bamboo proxies all SSH requests through /tmp/bamboo-ssh.9900a68e.sh, if the /tmp directory is set to noexec, Bamboo defaults to JGit. JGit is unreliable as a Git implementation, as it is slow and also changes the repository contents when cloning - for example, symlinks are cloned as flat files.
As I understand it, the push with Bamboo is to move away from JGit. However, doing so and also keeping /tmp/bamboo-ssh.9900a68e.sh hard-coded to /tmp will lead to problems with people who have secured /tmp, but need to use native Git.
This ticket is a suggestion to include a configurable property (either through the UI, or just directly in setenv.sh or bamboo.properties) where we can set the location of /tmp. This will allow us to keep our /tmp directory secured, yet not prevent Bamboo from using the native Git.
Attachments
Issue Links
- relates to
-
BAM-17980 Bamboo SSH script not found when running as a Windows Service under the System User
- Closed