user permissions on directories
Bug #869235 reported by Chmouel Boudjnah
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) | Fix Released | Medium | Chmouel Boudjnah | | |
Bug Description
Swift is creating directories with a umask(0), as seen in:
swift/common/
479: os.umask(0) # ensure files are created with the correct privileges
which creates directories that are world readable/writable (777):
swift@storage03
total 8
drwxrwxrwx 9 swift nogroup 94 2011-10-05 18:28 accounts/
drwxrwxrwx 21 swift nogroup 4096 2011-10-05 18:20 containers/
drwxrwxrwx 16 swift nogroup 4096 2011-10-05 18:34 objects/
drwxrwxrwx 2 swift nogroup 6 2011-10-05 18:34 tmp/
It would be nice if it were created with the standard umask (022) or even a more secure one of 077.
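An added illustration, not part of the bug report or of Swift's code: how the process umask decides the mode of directories created with `os.makedirs`, and a check that flags world-writable directories. The directory names mirror the listing above; the temporary roots and function names are constructed for the example.

```python
import os
import stat
import tempfile

# Directory names taken from the listing in the report.
NAMES = ("accounts", "containers", "objects", "tmp")


def make_tree_with_umask(root, mask):
    """Create NAMES under root with the given umask; return {name: permission bits}."""
    old = os.umask(mask)
    try:
        modes = {}
        for name in NAMES:
            path = os.path.join(root, name)
            os.makedirs(path)  # requested mode defaults to 0o777, reduced by the umask
            modes[name] = os.stat(path).st_mode & 0o777
        return modes
    finally:
        os.umask(old)  # always restore the caller's umask


def world_writable_dirs(root):
    """Return sorted relative paths of directories under root with the other-write bit set."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            st = os.lstat(full)
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Build the tree under umask 0, 022 and 077; return {mask: (modes, flagged)}."""
    results = {}
    for mask in (0o000, 0o022, 0o077):
        with tempfile.TemporaryDirectory() as root:  # constructed scratch directory
            modes = make_tree_with_umask(root, mask)
            results[mask] = (modes, world_writable_dirs(root))
    return results


if __name__ == "__main__":
    for mask, (modes, flagged) in demo().items():
        shown = ", ".join("%s=%03o" % (n, m) for n, m in modes.items())
        print("umask %03o: %s; world-writable: %s" % (mask, shown, flagged))
```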
Changed in swift: | |
milestone: | none → 1.4.4 |
status: | New → In Progress |
importance: | Undecided → Medium |
Changed in swift: | |
milestone: | 1.4.4 → none |
Changed in swift: | |
assignee: | nobody → Chmouel Boudjnah (chmouel) |
Changed in swift: | |
milestone: | none → 1.4.6 |
status: | Fix Committed → Fix Released |
That will be useless with the rsync configuration given in http://swift.openstack.org/howto_installmultinode.html
It gives remote write access to everyone on the good network, even with a 077 umask, as rsync is running as swift.
The configuration:
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = $STORAGE_LOCAL_NET_IP

[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock

[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock

[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock