[Ovirt-devel] [PATCH server] secure the perissions on the ovirt.pp manifest file
Jeremy Katz
katzj at redhat.com
Fri Feb 27 16:32:20 UTC 2009
On Thursday, February 26 2009, Joey Boggs said:
> Jeremy Katz wrote:
>> On Wednesday, February 25 2009, Joey Boggs said:
>>> Secures the permissions on ovirt.pp to only allow only root read/write access all other 000
[snip]
> If we move the chmod right after the file is created is that better or
> wrong since the file is open while we performing the operation? Set to
> 600 as well
> ----------------------------------------------------------------
> FileUtils.mkdir_p("/usr/share/ace/appliances/ovirt")
> config_file = File.new("/usr/share/ace/appliances/ovirt/ovirt.pp", "w")
> File.chmod 0600, '/usr/share/ace/appliances/ovirt/ovirt.pp'
A quick look at the ruby docs and File.new takes a permission argument.
So config_file = File.new("/path", "w", 0600) should be better[1]
Jeremy
[1] And if it's not, then ruby needs fixing :-)
More information about the ovirt-devel
mailing list