* s6-log does not obey umask
From: Vallo Kallaste @ 2012-11-13 20:46 UTC
To: supervision
Hi
I am not sure if it is intended behaviour or not.
echo |/command/umask 0027 s6-log /some/dir will create lock and
state files with permissions 0640, but current with 0744. It is the
world-readable bit I am concerned with.
--
Vallo
* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-11-14 2:29 UTC
To: Vallo Kallaste; +Cc: supervision
> I am not sure if it is intended behaviour or not.
> echo |/command/umask 0027 s6-log /some/dir will create lock and
> state files with permissions 0640, but current with 0744. It is the
> world-readable bit I am concerned with.
It is intentional. When the current file is created, it actually
respects the umask. When s6-log exits, it uses the fchmod() system call,
which doesn't take the umask into account, to chmod the current file to
744, which is a marker that says "processed, safe file".
There is no security problem: the /some/dir directory will have
restricted, umask-following, rights, so the "current" file will be
unreadable by others anyway.
--
Laurent
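
The difference between creation-time permissions and fchmod() described in this reply, as an added example that is not part of the thread or of the s6 source. The requested creation mode 0666 and the temporary path are assumptions; 0027 and 0744 are the values from the messages above.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create "current" in a fresh temp dir under `mask`, then fchmod() it to
 * `marker`. Stores the permission bits seen after each step; 0 on success. */
int modes_under_umask(mode_t mask, mode_t requested, mode_t marker,
                      mode_t *after_open, mode_t *after_fchmod)
{
    char dir[] = "/tmp/umaskdemoXXXXXX";   /* constructed scratch location */
    char path[64];
    struct stat st;
    int rc = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/current", dir);

    mode_t old = umask(mask);
    /* open() applies requested & ~umask to the new file */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0) {
            *after_open = st.st_mode & 07777;
            /* fchmod() sets the bits as given; the umask is not consulted */
            if (fchmod(fd, marker) == 0 && fstat(fd, &st) == 0) {
                *after_fchmod = st.st_mode & 07777;
                rc = 0;
            }
        }
        close(fd);
        unlink(path);
    }
    umask(old);
    rmdir(dir);
    return rc;
}

int main(void)
{
    mode_t a, b;
    if (modes_under_umask(0027, 0666, 0744, &a, &b) != 0) return 1;
    printf("after open: %04o, after fchmod: %04o\n", (unsigned)a, (unsigned)b);
    return 0;
}
```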
* Re: s6-log does not obey umask
From: Vallo Kallaste @ 2012-11-14 8:57 UTC
To: supervision, kalts
On Wed, Nov 14, 2012 at 03:29:02AM +0100, Laurent Bercot
<ska-supervision@skarnet.org> wrote:
> > I am not sure if it is intended behaviour or not.
> > echo |/command/umask 0027 s6-log /some/dir will create lock and
> > state files with permissions 0640, but current with 0744. It is the
> > world-readable bit I am concerned with.
>
> It is intentional. When the current file is created, it actually
> respects the umask. When s6-log exits, it uses the fchmod() system call,
> which doesn't take the umask into account, to chmod the current file to
> 744, which is a marker that says "processed, safe file".
>
> There is no security problem: the /some/dir directory will have
> restricted, umask-following, rights, so the "current" file will be
> unreadable by others anyway.
Ok, so be it. But the notion that /some/dir has always restricted
rights is not true, it depends on circumstances.
I will move other logdirs out of /some/dir, it's easier and cleaner
than resorting to ACL kludgery.
--
Vallo
* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-11-14 9:27 UTC
To: Vallo Kallaste; +Cc: supervision
> Ok, so be it. But the notion that /some/dir has always restricted
> rights is not true, it depends on circumstances.
Well, if you run "s6-log /some/dir" and /some/dir doesn't
previously exist, it is created with rights 2700 by default, so
everything under it can only be accessed by the user.
If you create /some/dir world-readable, or you make it world-readable
after s6-log has started, then s6-log won't say anything, but it's your
own choice and you cannot complain about s6-log exposing logs to the
world. ;)
> I will move other logdirs out of /some/dir, it's easier and cleaner
> than resorting to ACL kludgery.
In your example, /some/dir is a unique logdir. What are you trying to
accomplish?
--
Laurent
* Re: s6-log does not obey umask
From: Vallo Kallaste @ 2012-12-13 15:24 UTC
To: supervision
On Wed, Nov 14, 2012 at 10:27:21AM +0100, Laurent Bercot
<ska-supervision@skarnet.org> wrote:
> > I will move other logdirs out of /some/dir, it's easier and cleaner
> > than resorting to ACL kludgery.
>
> In your example, /some/dir is a unique logdir. What are you trying to
> accomplish?
I had other logdirs under /some/dir, some services have additional
logging and do not send all logs to stdout. /some/dir/current has
world-readable bit always on. By allowing some UIDs to step through
the /some/dir to some other dir under it the UID can read
/some/dir/current. The file name is always "current" so there is
nothing left to guess even if the UID could not list the directory
content.
It is a simple case and I moved the other logdirs out of /some/dir.
BR,
--
Vallo
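
A check for the exposure described in this message, as an added example that is not part of the thread or of s6: it walks the directories below a base and reports whether plain mode bits let an "other" user open the file by name. The function names and the constructed /tmp layout are assumptions; 0744 and 2700 are the modes named in the thread.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if a user who is neither owner nor in the group can read base/rel once
 * they can reach base; 0 if mode bits block it; -1 on error. ACLs ignored. */
int other_can_read(const char *base, const char *rel)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/%s", base, rel);
    if (n < 0 || (size_t)n >= sizeof path) return -1;
    size_t i = strlen(base);
    for (;;) {
        char saved = path[i];
        path[i] = '\0';                        /* stat the prefix up to i */
        if (stat(path, &st) != 0) return -1;
        path[i] = saved;
        if (saved == '\0') break;              /* that was the file itself */
        if (!S_ISDIR(st.st_mode)) return -1;
        if (!(st.st_mode & S_IXOTH)) return 0; /* no search bit: blocked */
        for (i++; path[i] != '\0' && path[i] != '/'; i++) {}
    }
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Constructed layout <tmp>/logdir/current with current at 0744; returns the
 * verdict for the given logdir mode. <tmp> itself is made searchable. */
int demo(mode_t logdir_mode)
{
    char base[] = "/tmp/logdirXXXXXX", dir[64], file[80];
    if (!mkdtemp(base)) return -1;
    snprintf(dir, sizeof dir, "%s/logdir", base);
    snprintf(file, sizeof file, "%s/current", dir);
    if (mkdir(dir, 0700) != 0) { rmdir(base); return -1; }
    int fd = open(file, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) { fchmod(fd, 0744); close(fd); }
    chmod(base, 0711); chmod(dir, logdir_mode);
    int r = other_can_read(base, "logdir/current");
    unlink(file); rmdir(dir); rmdir(base);
    return r;
}
int main(void)
{
    printf("logdir 0711: %d, logdir 2700: %d\n", demo(0711), demo(02700));
    return 0;
}
```

A search-only logdir (0711) hides the listing but still yields 1, because the name "current" is fixed; the 2700 default yields 0.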
* Re: s6-log does not obey umask
From: Laurent Bercot @ 2012-12-14 5:21 UTC
To: supervision
> I had other logdirs under /some/dir
I should probably add to the documentation that a logdir should be
exclusively reserved for a s6-log instance and that the user should not
try to use it any other way, including making subdirectories in it.
--
Laurent