[virt-tools-list] [PATCH] Don't create disk images world readable and executable

Ron ron at debian.org
Tue Jul 1 16:43:41 UTC 2014

On Tue, Jul 01, 2014 at 10:11:49AM +0200, Martin Kletzander wrote:
> I just found out that the os.open() does create file with 755 (with
> the default umask), but when I use (the preferred) open() it creates
> it with 644.  Still can't explain that, though.

The difference here is that os.open() calls open(2), while the
python open() function instead calls fopen(3).

The former is POSIX for low level I/O, that isn't generally portable
outside of POSIX systems, the latter is the portable C function for
stream I/O and knows nothing about filesystem permission bits, instead
having abstract 'mode' characters for indicating read/write/append use.

Since whether or not things can be flagged as 'executable' and how
is not a portable concept, if fopen(3) creates files it does so with
permission 0666 & ~umask on POSIX systems, and there is no way to
specify that more explicitly.

If we need to make files that should only be accessed by a privileged
user or group by default, then we'll need to use os.open() with an
appropriate mode specified for that.


More information about the virt-tools-list mailing list