[Ovirt-devel] [PATCH server] secure the permissions on the ovirt.pp manifest file
Joey Boggs
jboggs at redhat.com
Mon Mar 2 15:13:19 UTC 2009
Jeremy Katz wrote:
> On Thursday, February 26 2009, Joey Boggs said:
>
>> Jeremy Katz wrote:
>>
>>> On Wednesday, February 25 2009, Joey Boggs said:
>>>
>>>> Secures the permissions on ovirt.pp to allow only root read/write access, all other 000
>>>>
> [snip]
>
>> If we move the chmod right after the file is created is that better or
>> wrong since the file is open while we are performing the operation? Set to
>> 600 as well
>>
>
>
>> ----------------------------------------------------------------
>> FileUtils.mkdir_p("/usr/share/ace/appliances/ovirt")
>> config_file = File.new("/usr/share/ace/appliances/ovirt/ovirt.pp", "w")
>> File.chmod 0600, '/usr/share/ace/appliances/ovirt/ovirt.pp'
>>
>
> A quick look at the ruby docs and File.new takes a permission argument.
> So config_file = File.new("/path", "w", 0600) should be better[1]
>
> Jeremy
>
> [1] And if it's not, then ruby needs fixing :-)
>
> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel
>
Last go at it :)
diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
index 3ba9813..cb0bf15 100755
--- a/installer/bin/ovirt-installer
+++ b/installer/bin/ovirt-installer
@@ -292,7 +292,7 @@ END_OF_TEMPLATE
# Generate the file and output it.
FileUtils.mkdir_p("/usr/share/ace/appliances/ovirt")
-config_file = File.new("/usr/share/ace/appliances/ovirt/ovirt.pp", "w")
+config_file = File.new("/usr/share/ace/appliances/ovirt/ovirt.pp", "w",
0600)
config_file.write(ERB.new(template, 0, "%>").result)
config_file.close()
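Review bot: On the File.new(..., "w", 0600) line, the mode argument is honoured only when the open actually creates ovirt.pp; if the file already exists with wider permissions, "w" truncates it and the old mode stays in place, so the rendered template is written into a file that may still be readable by others. Consider calling config_file.chmod(0600) on the open handle right after File.new and before config_file.write, which covers both the fresh and the pre-existing case. The 0600 is also filtered through the process umask, but the umask can only remove bits, so that part needs no change.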
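The two approaches discussed in this thread (a chmod after creating the file versus a mode passed to File.new), as an added example that is not part of the original message or of the oVirt installer. It works on constructed file names in a temporary directory; the helper names are hypothetical, and the results assume a POSIX filesystem.

```ruby
require "tmpdir"

# Permission bits of +path+ as an octal string, e.g. "600".
def mode_of(path)
  format("%o", File.stat(path).mode & 0o777)
end

# Mode passed at open time, as in the patch. The mode is applied only if
# this call creates the file, and it is filtered through the umask.
def write_with_perm_arg(path, data)
  File.open(path, "w", 0o600) { |f| f.write(data) }
  mode_of(path)
end

# Hardened variant (an assumption, not the project's code): also chmod the
# open handle, so a file left over from an earlier run is tightened before
# anything sensitive is written into it.
def write_and_fchmod(path, data)
  File.open(path, "w", 0o600) do |f|
    f.chmod(0o600) # acts on the open descriptor, not on the path
    f.write(data)
  end
  mode_of(path)
end

# Run both writers against a fresh path and a pre-existing 0644 file.
def demo
  Dir.mktmpdir do |dir|
    old_umask = File.umask(0o022)
    begin
      fresh = File.join(dir, "fresh.pp") # constructed sample names
      stale = File.join(dir, "stale.pp")
      File.write(stale, "old contents")
      File.chmod(0o644, stale)
      results = {
        fresh: write_with_perm_arg(fresh, "secret"),
        stale_perm_arg: write_with_perm_arg(stale, "secret"),
        stale_fchmod: write_and_fchmod(stale, "secret")
      }
    ensure
      File.umask(old_umask)
    end
    results
  end
end

p demo if $PROGRAM_NAME == __FILE__
```
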