Use spack/user-specific stage root by default; stage cleaning (#12516)

* When cleaning the stage root, only remove directories that appear
  to be used for staging Spack packages. Previously Spack was clearing
  all directories in the stage root, which could remove content not
  related to Spack if the user chose a staging root which contains
  files/directories not managed by Spack.
* The documentation is updated with warnings about choosing a stage
  directory that is only managed by Spack (although generally the
  check added in this PR for "spack clean" should avoid removing
  content that was not created by Spack)
* The default stage directory (in config.yaml) is now
  $tempdir/$user/spack-stage and the logic is updated to omit the
  $user portion of this path if $tempdir already contains a $user
  directory.
* When creating stage root assign user read/write permissions to all
  directories in the path under $user. Previously Spack was assigning
  the permissions of the first existing parent directory

8 files changed, 178 insertions, 79 deletions

diff --git a/etc/spack/defaults/config.yaml b/etc/spack/defaults/config.yaml
index 33a37bbdfa..1b6d83f359 100644
--- a/etc/spack/defaults/config.yaml
+++ b/etc/spack/defaults/config.yaml
@@ -40,11 +40,8 @@ config:
   # Recommended options are given below.
   #
   # Builds can be faster in temporary directories on some (e.g., HPC) systems.
-  # Specifying `$tempdir` will ensure use of the system default temporary
-  # directory (as returned by `tempfile.gettempdir()`).  Spack will append
-  # `spack-stage` and, if the username is not already in the path, the value
-  # of `$user` to the path.  The latter is used to avoid conflicts between
-  # users in shared temporary spaces.
+  # Specifying `$tempdir` will ensure use of the default temporary directory
+  # (i.e., ``$TMP` or ``$TMPDIR``).
   #
   # Another option that prevents conflicts and potential permission issues is
   # to specify `~/.spack/stage`, which ensures each user builds in their home
@@ -52,13 +49,21 @@ config:
   #
   # A more traditional path uses the value of `$spack/var/spack/stage`, which
   # builds directly inside Spack's instance without staging them in a
-  # temporary space.
+  # temporary space.  Problems with specifying a path inside a Spack instance
+  # are that it precludes its use as a system package and its ability to be
+  # pip installable.
+  #
+  # In any case, if the username is not already in the path, Spack will append
+  # the value of `$user` in an attempt to avoid potential conflicts between
+  # users in shared temporary spaces.
   #
   # The build stage can be purged with `spack clean --stage` and
   # `spack clean -a`, so it is important that the specified directory uniquely
   # identifies Spack staging to avoid accidentally wiping out non-Spack work.
   build_stage:
-    - $tempdir/spack-stage
+    - $tempdir/$user/spack-stage
+    - ~/.spack/stage
+  # - $spack/var/spack/stage
 
 
   # Cache directory for already downloaded source tarballs and archived
diff --git a/lib/spack/docs/config_yaml.rst b/lib/spack/docs/config_yaml.rst
index ef5d7b65be..92030b8ac9 100644
--- a/lib/spack/docs/config_yaml.rst
+++ b/lib/spack/docs/config_yaml.rst
@@ -86,22 +86,28 @@ Spack is designed to run out of a user home directory, and on many
 systems the home directory is a (slow) network file system.  On most systems,
 building in a temporary file system is faster.  Usually, there is also more
 space available in the temporary location than in the home directory.  If the
-username is not already in the path, Spack will also append the value of
-`$user` to the path.
+username is not already in the path, Spack will append the value of ``$user`` to
+the selected ``build_stage`` path.
 
-.. warning:: We highly recommend appending `spack-stage` to `$tempdir` in order
-   to ensure `spack clean` does not delete everything in `$tempdir`.
+.. warning:: We highly recommend specifying ``build_stage`` paths that
+   distinguish between staging and other activities to ensure 
+   ``spack clean`` does not inadvertently remove unrelated files.
+   This can be accomplished by using a combination of ``spack`` and or
+   ``stage`` in each path as shown in the default settings and documented
+   examples.
 
 By default, Spack's ``build_stage`` is configured like this:
 
 .. code-block:: yaml
 
    build_stage:
-    - $tempdir/spack-stage
+    - $tempdir/$user/spack-stage
+    - ~/.spack/stage
 
 This can be an ordered list of paths that Spack should search when trying to
 find a temporary directory for the build stage.  The list is searched in
 order, and Spack will use the first directory to which it has write access.
+
 Specifying `~/.spack/stage` first will ensure each user builds in their home
 directory.  The historic Spack stage path `$spack/var/spack/stage` will build
 directly inside the Spack instance.  See :ref:`config-file-variables` for more
@@ -116,7 +122,7 @@ deleted, but you can manually purge them with :ref:`spack clean --stage
 .. note::
 
    The build will fail if there is no writable directory in the ``build_stage``
-   list.
+   list, where any user- and site-specific setting will be searched first.
 
 --------------------
 ``source_cache``
diff --git a/lib/spack/docs/configuration.rst b/lib/spack/docs/configuration.rst
index 4ce08d067e..c89a90f2e9 100644
--- a/lib/spack/docs/configuration.rst
+++ b/lib/spack/docs/configuration.rst
@@ -36,8 +36,8 @@ Here is an example ``config.yaml`` file:
      module_roots:
        lmod: $spack/share/spack/lmod
      build_stage:
-       - $tempdir
-       - /nfs/tmp2/$user
+       - $tempdir/$user/spack-stage
+       - ~/.spack/stage
 
 Each Spack configuration file is nested under a top-level section
 corresponding to its name. So, ``config.yaml`` starts with ``config:``,
@@ -244,8 +244,8 @@ your configurations look like this:
      module_roots:
        lmod: $spack/share/spack/lmod
      build_stage:
-       - $tempdir
-       - /nfs/tmp2/$user
+       - $tempdir/$user/spack-stage
+       - ~/.spack/stage
 
 
 .. code-block:: yaml
@@ -269,8 +269,8 @@ command:
      module_roots:
        lmod: $spack/share/spack/lmod
      build_stage:
-       - $tempdir
-       - /nfs/tmp2/$user
+       - $tempdir/$user/spack-stage
+       - ~/.spack/stage
 
 
 .. _config-overrides:
@@ -312,8 +312,8 @@ Let's revisit the ``config.yaml`` example one more time. The
    :caption: $(prefix)/etc/spack/defaults/config.yaml
 
    build_stage:
-     - $tempdir
-     - /nfs/tmp2/$user
+     - $tempdir/$user/spack-stage
+     - ~/.spack/stage
 
 
 Suppose the user configuration adds its *own* list of ``build_stage``
@@ -323,7 +323,7 @@ paths:
    :caption: ~/.spack/config.yaml
 
    build_stage:
-     - /lustre-scratch/$user
+     - /lustre-scratch/$user/spack
      - ~/mystage
 
 
@@ -341,10 +341,10 @@ get config`` shows the result:
      module_roots:
        lmod: $spack/share/spack/lmod
      build_stage:
-       - /lustre-scratch/$user
+       - /lustre-scratch/$user/spack
        - ~/mystage
-       - $tempdir
-       - /nfs/tmp2/$user
+       - $tempdir/$user/spack-stage
+       - ~/.spack/stage
 
 
 As in :ref:`config-overrides`, the higher-precedence scope can
@@ -356,7 +356,7 @@ user config looked like this:
    :caption: ~/.spack/config.yaml
 
    build_stage::
-     - /lustre-scratch/$user
+     - /lustre-scratch/$user/spack
      - ~/mystage
 
 
@@ -371,7 +371,7 @@ The merged configuration would look like this:
      module_roots:
        lmod: $spack/share/spack/lmod
      build_stage:
-       - /lustre-scratch/$user
+       - /lustre-scratch/$user/spack
        - ~/mystage
 
 
@@ -465,8 +465,8 @@ account all scopes. For example, to see the fully merged
        lmod: $spack/share/spack/lmod
        dotkit: $spack/share/spack/dotkit
      build_stage:
-     - $tempdir
-     - /nfs/tmp2/$user
+     - $tempdir/$user/spack-stage
+     - ~/.spack/stage
      - $spack/var/spack/stage
      source_cache: $spack/var/spack/cache
      misc_cache: ~/.spack/cache
@@ -516,8 +516,8 @@ down the problem:
    /home/myuser/spack/etc/spack/defaults/config.yaml:34      lmod: $spack/share/spack/lmod
    /home/myuser/spack/etc/spack/defaults/config.yaml:35      dotkit: $spack/share/spack/dotkit
    /home/myuser/spack/etc/spack/defaults/config.yaml:49    build_stage:
-   /home/myuser/spack/etc/spack/defaults/config.yaml:50    - $tempdir
-   /home/myuser/spack/etc/spack/defaults/config.yaml:51    - /nfs/tmp2/$user
+   /home/myuser/spack/etc/spack/defaults/config.yaml:50    - $tempdir/$user/spack-stage
+   /home/myuser/spack/etc/spack/defaults/config.yaml:51    - ~/.spack/stage
    /home/myuser/spack/etc/spack/defaults/config.yaml:52    - $spack/var/spack/stage
    /home/myuser/spack/etc/spack/defaults/config.yaml:57    source_cache: $spack/var/spack/cache
    /home/myuser/spack/etc/spack/defaults/config.yaml:62    misc_cache: ~/.spack/cache
diff --git a/lib/spack/docs/packaging_guide.rst b/lib/spack/docs/packaging_guide.rst
index 6c3d7c0602..4b062c8a1a 100644
--- a/lib/spack/docs/packaging_guide.rst
+++ b/lib/spack/docs/packaging_guide.rst
@@ -3915,7 +3915,8 @@ The first step of ``spack install``.  Takes a spec and determines the
 correct download URL to use for the requested package version, then
 downloads the archive, checks it against an MD5 checksum, and stores
 it in a staging directory if the check was successful.  The staging
-directory will be located under ``$SPACK_HOME/var/spack``.
+directory will be located under the first writable directory in the
+``build_stage`` configuration setting.
 
 When run after the archive has already been downloaded, ``spack
 fetch`` is idempotent and will not download the archive again.
diff --git a/lib/spack/docs/tutorial_configuration.rst b/lib/spack/docs/tutorial_configuration.rst
index 6b97687cb9..565a6c02b5 100644
--- a/lib/spack/docs/tutorial_configuration.rst
+++ b/lib/spack/docs/tutorial_configuration.rst
@@ -849,7 +849,17 @@ from this file system with the following ``config.yaml``:
 
    config:
      build_stage:
-       - /scratch/$user
+       - /scratch/$user/spack-stage
+
+
+.. note::
+
+   It is important to distinguish the build stage directory from other
+   directories in your scratch space to ensure ``spack clean`` does not
+   inadvertently remove unrelated files.  This can be accomplished by
+   including a combination of ``spack`` and or ``stage`` in each path
+   as shown in the default settings and documented examples.  See
+   :ref:`config-yaml` for details.
 
 
 On systems with compilers that absolutely *require* environment variables
diff --git a/lib/spack/spack/stage.py b/lib/spack/spack/stage.py
index 56d48fa59d..4e950482cf 100644
--- a/lib/spack/spack/stage.py
+++ b/lib/spack/spack/stage.py
@@ -4,6 +4,7 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 
 import os
+import re
 import stat
 import sys
 import errno
@@ -36,6 +37,39 @@ _source_path_subdir = 'spack-src'
 _stage_prefix = 'spack-stage-'
 
 
+def _create_stage_root(path):
+    """Create the stage root directory and ensure appropriate access perms."""
+    assert path.startswith(os.path.sep) and len(path.strip()) > 1
+
+    curr_dir = os.path.sep
+    parts = path.strip(os.path.sep).split(os.path.sep)
+    for i, part in enumerate(parts):
+        curr_dir = os.path.join(curr_dir, part)
+        if not os.path.exists(curr_dir):
+            rest = os.path.join(os.path.sep, *parts[i + 1:])
+            user_parts = rest.partition(os.path.sep + getpass.getuser())
+            if len(user_parts[0]) > 0:
+                # Ensure access controls of subdirs created above `$user`
+                # inherit from the parent and share the group.
+                stats = os.stat(os.path.dirname(curr_dir))
+                curr_dir = ''.join([curr_dir, user_parts[0]])
+                mkdirp(curr_dir, group=stats.st_gid, mode=stats.st_mode)
+
+            user_subdirs = ''.join(user_parts[1:])
+            if len(user_subdirs) > 0:
+                # Ensure access controls of subdirs from `$user` on down are
+                # restricted to the user.
+                curr_dir = ''.join([curr_dir, user_subdirs])
+                mkdirp(curr_dir, mode=stat.S_IRWXU)
+
+            assert os.getuid() == os.stat(curr_dir).st_uid
+            break
+
+    if not can_access(path):
+        raise OSError(errno.EACCES,
+                      'Cannot access %s: Permission denied' % curr_dir)
+
+
 def _first_accessible_path(paths):
     """Find the first path that is accessible, creating it if necessary."""
     for path in paths:
@@ -45,20 +79,9 @@ def _first_accessible_path(paths):
                 if can_access(path):
                     return path
             else:
-                # The path doesn't exist so create it and adjust permissions
-                # and group as needed (e.g., shared ``$tempdir``).
-                prefix = os.path.sep
-                parts = path.strip(os.path.sep).split(os.path.sep)
-                for part in parts:
-                    prefix = os.path.join(prefix, part)
-                    if not os.path.exists(prefix):
-                        break
-                parent = os.path.dirname(prefix)
-                gid = os.stat(parent).st_gid
-                mkdirp(path, group=gid, default_perms='parents')
-
-                if can_access(path):
-                    return path
+                # Now create the stage root with the proper group/perms.
+                _create_stage_root(path)
+                return path
 
         except OSError as e:
             tty.debug('OSError while checking stage path %s: %s' % (
@@ -67,6 +90,23 @@ def _first_accessible_path(paths):
     return None
 
 
+def _resolve_paths(candidates):
+    """Resolve paths, removing extra $user from $tempdir if needed."""
+    temp_path = sup.canonicalize_path('$tempdir')
+    tmp_has_usr = getpass.getuser() in temp_path.split(os.path.sep)
+
+    paths = []
+    for path in candidates:
+        # First remove the extra `$user` node from a `$tempdir/$user` entry
+        # for hosts that automatically append `$user` to `$tempdir`.
+        if path.startswith(os.path.join('$tempdir', '$user')) and tmp_has_usr:
+            path = os.path.join('$tempdir', path[15:])
+
+        paths.append(sup.canonicalize_path(path))
+
+    return paths
+
+
 # Cached stage path root
 _stage_root = None
 
@@ -79,18 +119,19 @@ def get_stage_root():
         if isinstance(candidates, string_types):
             candidates = [candidates]
 
-        resolved_candidates = [sup.canonicalize_path(x) for x in candidates]
+        resolved_candidates = _resolve_paths(candidates)
         path = _first_accessible_path(resolved_candidates)
         if not path:
             raise StageError("No accessible stage paths in:",
                              ' '.join(resolved_candidates))
 
-        # Ensure that any temp path is unique per user, so users don't
-        # fight over shared temporary space.
+        # Ensure that path is unique per user in an attempt to avoid
+        # conflicts in shared temporary spaces.  Emulate permissions from
+        # `tempfile.mkdtemp`.
         user = getpass.getuser()
         if user not in path:
             path = os.path.join(path, user)
-            mkdirp(path)
+            mkdirp(path, mode=stat.S_IRWXU)
 
         _stage_root = path
 
@@ -636,9 +677,13 @@ def purge():
     """Remove all build directories in the top-level stage path."""
     root = get_stage_root()
     if os.path.isdir(root):
+        # TODO: Figure out a "standard" way to identify the hash length
+        # TODO: Should this support alternate base represenations?
+        dir_expr = re.compile(r'.*-[0-9a-f]{32}$')
         for stage_dir in os.listdir(root):
-            stage_path = os.path.join(root, stage_dir)
-            remove_linked_tree(stage_path)
+            if re.match(dir_expr, stage_dir) or stage_dir == '.lock':
+                stage_path = os.path.join(root, stage_dir)
+                remove_linked_tree(stage_path)
 
 
 class StageError(spack.error.SpackError):
diff --git a/lib/spack/spack/test/data/config.yaml b/lib/spack/spack/test/data/config.yaml
index 501001ff00..2d2c2e356a 100644
--- a/lib/spack/spack/test/data/config.yaml
+++ b/lib/spack/spack/test/data/config.yaml
@@ -5,9 +5,8 @@ config:
   - $spack/lib/spack/spack/test/data/templates
   - $spack/lib/spack/spack/test/data/templates_again
   build_stage:
-  - $tempdir/spack-stage-test
-  - /nfs/tmp2/$user
-  - $spack/var/spack/stage
+  - $tempdir/$user/spack-stage
+  - ~/.spack/stage
   source_cache: $spack/var/spack/cache
   misc_cache: ~/.spack/cache
   verify_ssl: true
diff --git a/lib/spack/spack/test/stage.py b/lib/spack/spack/test/stage.py
index b8b217032a..5e21c48cc4 100644
--- a/lib/spack/spack/test/stage.py
+++ b/lib/spack/spack/test/stage.py
@@ -4,10 +4,10 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 
 """Test that the Stage class works correctly."""
-import grp
 import os
 import collections
 import shutil
+import stat
 import tempfile
 import getpass
 
@@ -406,6 +406,30 @@ def search_fn():
     return _Mock()
 
 
+def check_stage_dir_perms(prefix, path):
+    """Check the stage directory perms to ensure match expectations."""
+    # Ensure the path's subdirectories -- to `$user` -- have their parent's
+    # perms while those from `$user` on are owned and restricted to the
+    # user.
+    status = os.stat(prefix)
+    gid = status.st_gid
+    uid = os.getuid()
+    user = getpass.getuser()
+    parts = path[len(prefix) + 1:].split(os.path.sep)
+    have_user = False
+    for part in parts:
+        if part == user:
+            have_user = True
+        prefix = os.path.join(prefix, part)
+        prefix_status = os.stat(prefix)
+        if not have_user:
+            assert gid == prefix_status.st_gid
+            assert status.st_mode == prefix_status.st_mode
+        else:
+            assert uid == status.st_uid
+            assert status.st_mode & stat.S_IRWXU == stat.S_IRWXU
+
+
 @pytest.mark.usefixtures('mock_packages')
 class TestStage(object):
 
@@ -684,6 +708,7 @@ class TestStage(object):
         path = spack.stage._first_accessible_path(files)
         assert path == name
         assert os.path.isdir(path)
+        check_stage_dir_perms(str(tmpdir), path)
 
         # Ensure an existing path is returned
         spack_subdir = spack_dir.join('existing').ensure(dir=True)
@@ -691,31 +716,33 @@ class TestStage(object):
         path = spack.stage._first_accessible_path([subdir])
         assert path == subdir
 
+        # Ensure a path with a `$user` node has the right permissions
+        # for its subdirectories.
+        user = getpass.getuser()
+        user_dir = spack_dir.join(user, 'has', 'paths')
+        user_path = str(user_dir)
+        path = spack.stage._first_accessible_path([user_path])
+        assert path == user_path
+        check_stage_dir_perms(str(tmpdir), path)
+
         # Cleanup
         shutil.rmtree(str(name))
 
-    def test_first_accessible_perms(self, tmpdir):
-        """Test _first_accessible_path permissions."""
-        name = str(tmpdir.join('first', 'path'))
-        path = spack.stage._first_accessible_path([name])
+    def test_resolve_paths(self):
+        """Test _resolve_paths."""
 
-        # Ensure the non-existent path was created
-        assert path == name
-        assert os.path.isdir(path)
+        assert spack.stage._resolve_paths([]) == []
 
-        # Ensure the non-existent subdirectories have their parent's perms
-        prefix = str(tmpdir)
-        status = os.stat(prefix)
-        group = grp.getgrgid(status.st_gid)[0]
-        parts = path[len(prefix):].split(os.path.sep)
-        for part in parts:
-            prefix = os.path.join(prefix, part)
-            prefix_status = os.stat(prefix)
-            assert group == grp.getgrgid(os.stat(prefix).st_gid)[0]
-            assert status.st_mode == prefix_status.st_mode
+        paths = [os.path.join(os.path.sep, 'a', 'b', 'c')]
+        assert spack.stage._resolve_paths(paths) == paths
 
-        # Cleanup
-        shutil.rmtree(os.path.dirname(name))
+        tmp = '$tempdir'
+        paths = [os.path.join(tmp, 'stage'), os.path.join(tmp, '$user')]
+        can_paths = [canonicalize_path(paths[0]), canonicalize_path(tmp)]
+        user = getpass.getuser()
+        if user not in can_paths[1].split(os.path.sep):
+            can_paths[1] = os.path.join(can_paths[1], user)
+        assert spack.stage._resolve_paths(paths) == can_paths
 
     def test_get_stage_root_bad_path(self, clear_stage_root, bad_stage_path):
         """Ensure an invalid stage path root raises a StageError."""
@@ -756,15 +783,21 @@ class TestStage(object):
         # Make sure the cached stage path values are changed appropriately.
         assert spack.stage._stage_root == path
 
-        # Add then purge a couple of directories
-        dir1 = tmpdir.join('dir1')
+        # Add then purge a few directories
+        dir1 = tmpdir.join('stage-1234567890abcdef1234567890abcdef')
         dir1.ensure(dir=True)
-        dir2 = tmpdir.join('dir2')
+        dir2 = tmpdir.join('stage-abcdef12345678900987654321fedcba')
         dir2.ensure(dir=True)
+        dir3 = tmpdir.join('stage-a1b2c3')
+        dir3.ensure(dir=True)
 
         spack.stage.purge()
         assert not os.path.exists(str(dir1))
         assert not os.path.exists(str(dir2))
+        assert os.path.exists(str(dir3))
+
+        # Cleanup
+        shutil.rmtree(str(dir3))
 
     def test_get_stage_root_in_spack(self, clear_stage_root,
                                      instance_path_for_stage):