[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] storage: use 0711 as the default perms for dirs

On Mon, May 15, 2017 at 10:27 AM, Daniel P. Berrange <berrange redhat com> wrote:
> Kinda surprised this didn't generate some immediate discussion...  I
> would also think that if you had a desire to change defaults you'd also
> have a libvirt.spec.in adjustment...

Actually no it doesn't - the spec file is already marking
/var/lib/libvirt/images as 0711.

As reference that is the current spec content:
 libvirt.spec.in:1745:%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
> Still 0755 or umask(022) seem to be fairly prevalent setting and having
> the <mode> for the XML to be able to override a default certainly gives
> credence to arguments in either direction whether or not to change the
> defaults.
> It's been a long while since I considered system/directory/file security
> things, but I have this faint recollection of some strange issue when
> not having world or group "executable" as a default.

The fact that RPM spec ships with 0711 show that it works ok. So I
think this change is reasonable.

Interesting, I didn't check the RPM spec - thanks Daniel to point this out.
It is 711 on Ubuntu as well for quite some time now.
Both together make this even less likely to have hidden drawbacks.

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]