[libvirt] [PATCH] storage: use 0711 as the default perms for dirs

Daniel P. Berrange berrange at redhat.com
Mon May 15 08:27:38 UTC 2017


On Thu, May 11, 2017 at 06:36:22PM -0400, John Ferlan wrote:
> 
> 
> On 05/11/2017 04:31 AM, Christian Ehrhardt wrote:
> > From: Serge Hallyn <serge.hallyn at ubuntu.com>
> > 
> > There should be no need to make dir based pools world readable.
> > So use 0711, not 0755, as the default perms for storage dirs.
> > 
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> > ---
> >  docs/formatstorage.html.in | 2 +-
> >  src/storage/storage_util.h | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> > 
> 
> Kinda surprised this didn't generate some immediate discussion...  I
> would also think that if you had a desire to change defaults you'd also
> have a libvirt.spec.in adjustment...

Actually no it doesn't - the spec file is already marking
/var/lib/libvirt/images as 0711.

> Still 0755 or umask(022) seem to be fairly prevalent settings and having
> the <mode> for the XML to be able to override a default certainly gives
> credence to arguments in either direction whether or not to change the
> defaults.
> 
> It's been a long while since I considered system/directory/file security
> things, but I have this faint recollection of some strange issue when
> not having world or group "executable" as a default.

The fact that the RPM spec ships with 0711 shows that it works ok. So I
think this change is reasonable.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
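
An added example (not part of this thread and not libvirt code): it decodes what the "other" permission bits in 0755 and 0711 allow on a dir-based pool target and audits a directory for them. It goes one step beyond the directory mode discussed above by also flagging world-readable files inside a traversable directory, since 0711 hides names but does not block access to a file whose name is known. The function names, directory names and volume names are constructed for illustration.

```python
import os
import stat
import tempfile

def other_dir_access(mode):
    """Decode what users outside owner/group may do with a directory."""
    r, w, x = (bool(mode & b) for b in (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH))
    return {
        "list_names": r,          # enumerate entries (readdir)
        "traverse": x,            # reach entries whose name is already known
        "create_delete": w and x  # add or unlink entries
    }

def audit_pool_dir(path):
    """Return findings for one dir-based pool target (hypothetical helper)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    access = other_dir_access(mode)
    if access["list_names"]:
        findings.append(f"{path}: {mode:04o} lets others list volume names")
    if access["create_delete"]:
        findings.append(f"{path}: {mode:04o} lets others add or remove volumes")
    if access["traverse"]:
        # x without r hides names, but a known name can still be opened
        # when the file's own mode grants read to others.
        for entry in sorted(os.scandir(path), key=lambda e: e.name):
            if entry.is_file(follow_symlinks=False):
                fmode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
                if fmode & stat.S_IROTH:
                    findings.append(f"{entry.path}: {fmode:04o} readable by name")
    return findings

def demo():
    """Constructed sample: one pool dir at 0755, one at 0711, same volumes."""
    results = {}
    with tempfile.TemporaryDirectory(prefix="pool-audit-") as root:
        for name, dmode in (("old-default", 0o755), ("new-default", 0o711)):
            pool = os.path.join(root, name)
            os.mkdir(pool)
            for vol, fmode in (("guest-a.qcow2", 0o600), ("guest-b.qcow2", 0o644)):
                vol_path = os.path.join(pool, vol)
                open(vol_path, "wb").close()
                os.chmod(vol_path, fmode)
            os.chmod(pool, dmode)  # set explicitly so the umask does not matter
            results[name] = audit_pool_dir(pool)
    return results

if __name__ == "__main__":
    for pool_name, found in demo().items():
        print(pool_name, *found, sep="\n  ")
```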



