* s6-log does not obey umask
From: Vallo Kallaste @ 2012-11-13 20:46 UTC
To: supervision

Hi

I am not sure if it is intended behaviour or not.
echo |/command/umask 0027 s6-log /some/dir will create lock and
state files with permissions 0640, but current with 0744. It is the
world-readable bit I am concerned with.

-- 
Vallo

* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-11-14 2:29 UTC
To: Vallo Kallaste; +Cc: supervision

> I am not sure if it is intended behaviour or not.
> echo |/command/umask 0027 s6-log /some/dir will create lock and
> state files with permissions 0640, but current with 0744. It is the
> world-readable bit I am concerned with.

It is intentional. When the current file is created, it actually
respects the umask. When s6-log exits, it uses the fchmod() system call,
which doesn't take the umask into account, to chmod the current file to
744, which is a marker that says "processed, safe file".

There is no security problem : the /some/dir directory will have
restricted, umask-following, rights, so the "current" file will be
unreadable by others anyway.

-- 
Laurent

* Re: s6-log does not obey umask
From: Vallo Kallaste @ 2012-11-14 8:57 UTC
To: supervision, kalts

On Wed, Nov 14, 2012 at 03:29:02AM +0100, Laurent Bercot <ska-supervision@skarnet.org> wrote:
> > I am not sure if it is intended behaviour or not.
> > echo |/command/umask 0027 s6-log /some/dir will create lock and
> > state files with permissions 0640, but current with 0744. It is the
> > world-readable bit I am concerned with.
>
> It is intentional. When the current file is created, it actually
> respects the umask. When s6-log exits, it uses the fchmod() system call,
> which doesn't take the umask into account, to chmod the current file to
> 744, which is a marker that says "processed, safe file".
>
> There is no security problem : the /some/dir directory will have
> restricted, umask-following, rights, so the "current" file will be
> unreadable by others anyway.

Ok, so be it. But the notion that /some/dir has always restricted
rights is not true, it depends on circumstances.
I will move other logdirs out of /some/dir, it's easier and cleaner
than resorting to ACL kludgery.

-- 
Vallo

* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-11-14 9:27 UTC
To: Vallo Kallaste; +Cc: supervision

> Ok, so be it. But the notion that /some/dir has always restricted
> rights is not true, it depends on circumstances.

Well, if you run "s6-log /some/dir" and /some/dir doesn't previously
exist, it is created with rights 2700 by default, so everything under it
can only be accessed by the user.
If you create /some/dir world-readable, or you make it world-readable
after s6-log has started, then s6-log won't say anything, but it's your
own choice and you cannot complain about s6-log exposing logs to the
world. ;)

> I will move other logdirs out of /some/dir, it's easier and cleaner
> than resorting to ACL kludgery.

In your example, /some/dir is a unique logdir. What are you trying to
accomplish ?

-- 
Laurent

* Re: s6-log does not obey umask
From: Vallo Kallaste @ 2012-12-13 15:24 UTC
To: supervision

On Wed, Nov 14, 2012 at 10:27:21AM +0100, Laurent Bercot <ska-supervision@skarnet.org> wrote:
> > I will move other logdirs out of /some/dir, it's easier and cleaner
> > than resorting to ACL kludgery.
>
> In your example, /some/dir is a unique logdir. What are you trying to
> accomplish ?

I had other logdirs under /some/dir, some services have additional
logging and do not send all logs to stdout. /some/dir/current has
world-readable bit always on. By allowing some UID's to step through
the /some/dir to some other dir under it the UID can read
/some/dir/current. The file name is always "current" so there is
nothing left to guess even if the UID could not list the directory
content. It is simple case and I moved the other logdirs out of
/some/dir.

BR,
-- 
Vallo

* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-12-14 5:21 UTC
To: supervision

> I had other logdirs under /some/dir

I should probably add to the documentation that a logdir should be
exclusively reserved for a s6-log instance and that the user should not
try to use it any other way, including making subdirectories in it.

-- 
Laurent
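
Added example (not part of the thread, and not s6-log's code): a Python sketch of the two points discussed above, that fchmod() sets mode bits without consulting the umask, and that a world-readable "current" can be opened by name once every directory above it grants search (x) permission to others. The function names and the temporary directory layout are assumptions made for illustration; the check looks at mode bits only, not ACLs or ownership.

```python
import os
import stat
import tempfile

def create_like_s6log(logdir, umask=0o027):
    """Create logdir/current under `umask`, then fchmod it to 0744.
    Returns (mode right after creation, mode after fchmod)."""
    old = os.umask(umask)
    try:
        fd = os.open(os.path.join(logdir, "current"),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    finally:
        os.umask(old)
    try:
        created = stat.S_IMODE(os.fstat(fd).st_mode)  # 0666 & ~umask
        os.fchmod(fd, 0o744)                          # umask is not consulted
        final = stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)
    return created, final

def reachable_by_others(path, root):
    """True if the 'other' mode bits let a user open `path` by name:
    o+r on the file and o+x on every directory from its parent up to `root`.
    Listing permission (o+r on directories) is not needed."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        if d == root or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)

def demo():
    """Constructed layout: <tmp>/logdir/current, checked under two logdir modes."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        logdir = os.path.join(root, "logdir")
        os.mkdir(logdir)
        os.chmod(logdir, 0o700)            # owner-only logdir
        created, final = create_like_s6log(logdir)
        current = os.path.join(logdir, "current")
        private = reachable_by_others(current, root)
        os.chmod(logdir, 0o711)            # others may step through, not list
        exposed = reachable_by_others(current, root)
        return created, final, private, exposed

if __name__ == "__main__":
    print(demo())
```

Pointing reachable_by_others() at an existing logdir's "current" file, with `root` set to the top of the log tree, flags the layout described in the thread, where a parent logdir is opened up so that other UIDs can reach subdirectories.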