Make umask customizable

Bug #1463464 reported by Alexey Khivin on 2015-06-09
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Undecided
Alexey Khivin

Bug Description

Some files owned by swift:swift are world readable.

Swift uses hardcoded value umask=0o22 for newly created files. I suggest to add swift config parameter to allow users to change umask to 0o027 for security reasons

Alexey Khivin (akhivin) on 2015-06-09
Changed in swift:
assignee: nobody → Alex Khivin (akhivin)

Fix proposed to branch: master
Review: https://review.openstack.org/189785

Changed in swift:
status: New → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/189789

Change abandoned by Alex Khivin (<email address hidden>) on branch: master
Review: https://review.openstack.org/189789
Reason: Wrong commit

Alexey Khivin (akhivin) on 2015-06-09
summary: - Make umask customizable for Swift daemons
+ Make umask customizable
Pete Zaitcev (zaitcev) wrote :

What's the actual security threat we're addressing by doing this? Surely any user who has shell access also has access to localhost:6200. I'm against adding knobs for no reason, we already have too many.

Change abandoned by John Dickinson (<email address hidden>) on branch: master
Review: https://review.openstack.org/189785
Reason: Abanoning based on the lack of activity since the last negative review. If you want to continue working on this, please reopen this patch.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers