snowflakedb/snowflake-cli

SNOW-1633621: Homebrew Formula Creates config.toml Whose Permissions Are Too Wide

sfc-gh-cwiese opened this issue · 2 comments

sfc-gh-cwiese commented

SnowCLI version

Snowflake CLI version: 2.6.1

Python version

Python 3.11.5

Platform

macOS-14.6.1-arm64-arm-64bit

What happened

A user installed the snowflake-cli via homebrew and immediately ran into the Configuration file has too wide permissions error. The config file should be created with the correct permissions.

Console output

(base) edendulk@HP7JGV926Q Applications % brew tap snowflakedb/snowflake-cli
brew update
==> Tapping snowflakedb/snowflake-cli
Cloning into '/opt/homebrew/Library/Taps/snowflakedb/homebrew-snowflake-cli'...
remote: Enumerating objects: 182, done.
remote: Counting objects: 100% (82/82), done.
remote: Compressing objects: 100% (40/40), done.
remote: Total 182 (delta 49), reused 67 (delta 42), pack-reused 100 (from 1)
Receiving objects: 100% (182/182), 57.91 KiB | 3.05 MiB/s, done.
Resolving deltas: 100% (87/87), done.
Tapped 4 formulae (24 files, 86.7KB).
==> Updating Homebrew...
Already up-to-date.
(base) edendulk@HP7JGV926Q Applications % snow --help
╭─ Error ───────────────────────────────────────────────────────╮
│ Configuration file /Users/edendulk/Library/Application        │
│ Support/snowflake/config.toml has too wide permissions, run   │
│ `chmod 0600 "/Users/edendulk/Library/Application              │
│ Support/snowflake/config.toml"`                               │
╰───────────────────────────────────────────────────────────────╯
(base) edendulk@HP7JGV926Q Applications % chmod 0600 "/Users/edendulk/Library/Application              │
│ Support/snowflake/config.toml"
chmod: /Users/edendulk/Library/Application              │
│ Support/snowflake/config.toml: No such file or directory

How to reproduce

No response

sfc-gh-astus commented

config.toml was created by SnowSQL, that is why has too wide permissions.

sfc-gh-cwiese commented

@sfc-gh-astus even if the config.toml was created by SnowSQL, could the snowcli formula not check the permissions of the file and fix them if required, instead of requiring the user to do it?