use /tmp/hugo_$USER instead of /tmp/hugo_cache #7391
Comments
You can also do something like this in
Indeed, and that's perhaps a better workaround than using --cacheDir, but I was advocating that this is best addressed in the default implementation.
Agreed.
Related issue: #5487
If you don't mind having all of your caches under source control (unless specifically ignored), you can also override the default location in
That's another useful workaround, thanks. I guess avoiding the repo is just general good practice (folks accidentally adding them to source control and then committing large sets on every commit). I found many hugo themes which do not ignore /resources (but ignore /public).
If you read https://gohugo.io/getting-started/configuration/#configure-file-caches There has been some thinking in this area, see the Some of the caches should be safe to share between users/projects.
Traditional Unix uses a sticky bit on $TMPDIR to separate files and directories from different users safely. Currently, the first user running Hugo will therefore own $TMPDIR/hugo_cache, making it impossible for other users to use Hugo on the same host. If we were to tweak the directory permissions to fix this, a security issue would remain between different users, as a malicious actor could change cached files that are then incorporated into other users' websites, or worse, could compromise the security of the other user's account by exploiting weaknesses in Hugo or one of its dependencies. Any potential upsides of caching between different users are outweighed by the security concerns, therefore completely separating Hugo's cache directory between users seems the correct way forward. *Fixes gohugoio#7391*.
Change the default cache directory to `$TMPDIR/hugo_cache_$USER`, so that multi-user systems do not have caches that interfere with each other. The other cache-choosing logic (e.g. Netlify exceptions, configuration options) is not affected. Fixes gohugoio#7391
Change the default cache directory to `$TMPDIR/hugo_cache_$USER`, so that multi-user systems do not have caches that interfere with each other. The other cache-choosing logic (e.g. Netlify exceptions, configuration options) is not affected. Fixes #7391
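The commit messages above rely on a per-user directory under a sticky `$TMPDIR`. As an added example (not Hugo's code and not part of the original thread), the following Go program shows how a tool can also verify that the directory it finds at that path is really its own before trusting cached files in it. The function name `safeUserCacheDir` and the specific checks are assumptions chosen for illustration; it targets Unix-like systems.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// safeUserCacheDir returns base/hugo_cache_<user>, creating it with mode 0700
// if absent, and refuses a pre-existing path that another user could control.
// Hypothetical helper for illustration; not Hugo's implementation.
func safeUserCacheDir(base, user string, uid uint32) (string, error) {
	if user == "" || user != filepath.Base(user) || user == "." || user == ".." {
		return "", fmt.Errorf("unsafe user name %q", user)
	}
	dir := filepath.Join(base, "hugo_cache_"+user)
	// Mkdir (not MkdirAll) fails with EEXIST instead of following whatever
	// is already at that path, so a planted entry is detected, not reused.
	err := os.Mkdir(dir, 0o700)
	if err != nil && !errors.Is(err, os.ErrExist) {
		return "", err
	}
	// Lstat does not follow symlinks: a link planted in a shared tmp dir shows up here.
	fi, err := os.Lstat(dir)
	if err != nil {
		return "", err
	}
	if !fi.IsDir() {
		return "", fmt.Errorf("%s is not a directory (symlink or file)", dir)
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return "", fmt.Errorf("no ownership information for %s", dir)
	}
	if st.Uid != uid {
		return "", fmt.Errorf("%s is owned by uid %d, not %d", dir, st.Uid, uid)
	}
	if fi.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%s is accessible to group/other (mode %o)", dir, fi.Mode().Perm())
	}
	return dir, nil
}

func main() {
	dir, err := safeUserCacheDir(os.TempDir(), os.Getenv("USER"), uint32(os.Getuid()))
	fmt.Println(dir, err)
}
```

A caller that gets an error here should fall back to a freshly created private directory instead of loosening permissions on the shared one.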
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Using 0.72 compiled from master from 2 days ago on Ubuntu 16.04 with go 1.14. Hugo by default uses /tmp/hugo_cache to store temp files. This is a problem on a multiuser system like ours. For example, one user runs `hugo server` on their project folder. Another user attempts to run `hugo` and fails as it can't write to `/tmp/hugo_cache` being owned by the previous user.

I know it can be overcome by `--cacheDir` but it would be better to have hugo by default use `/tmp/hugo_$USER` instead of the hardcoded `/tmp/hugo` (better never to hardcode things in general anyway). Or make it a random unique dir if it's easier for cross-OS compatibility, making sure gc is doing its job.