[libvirt] [PATCH] storage: use 0711 as the default perms for dirs
Christian Ehrhardt
christian.ehrhardt at canonical.com
Mon May 15 10:58:22 UTC 2017
On Mon, May 15, 2017 at 10:27 AM, Daniel P. Berrange <berrange at redhat.com>
wrote:
> > Kinda surprised this didn't generate some immediate discussion... I
> > would also think that if you had a desire to change defaults you'd also
> > have a libvirt.spec.in adjustment...
>
> Actually no it doesn't - the spec file is already marking
> /var/lib/libvirt/images as 0711.
As reference that is the current spec content:
libvirt.spec.in:1745:%dir %attr(0711, root, root)
%{_localstatedir}/lib/libvirt/images/
> > Still 0755 or umask(022) seem to be fairly prevalent setting and having
> > the <mode> for the XML to be able to override a default certainly gives
> > credence to arguments in either direction whether or not to change the
> > defaults.
> >
> > It's been a long while since I considered system/directory/file security
> > things, but I have this faint recollection of some strange issue when
> > not having world or group "executable" as a default.
>
> The fact that RPM spec ships with 0711 show that it works ok. So I
> think this change is reasonable.
Interesting, I didn't check the RPM spec - thanks Daniel to point this out.
It is 711 on Ubuntu as well for quite some time now.
Both together make this even less likely to have hidden drawbacks.
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170515/c586669d/attachment-0001.htm>
More information about the libvir-list
mailing list