Set permissions of Data.fs to sane value
Bug #143747 reported by Berthold Stöger
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ZODB | Invalid | Medium | Unassigned |
Zope 2 | Invalid | Undecided | Unassigned |
Bug Description
When installing a Zope instance, Data.fs by default ends up with permissions 0644. Permissions should instead probably be set to 0600 independently of umask, since there seems to be no reason that anyone but the application server (and maybe backup programs) should be able to read the file. On the other hand, a world-readable Data.fs poses a security risk on multi-user systems (think, for example, of stored DB passwords).
The right place is possibly in FileStorage.py:
    if self._file is None and create:
        if os.path.exists(file_name):
            os.remove(file_name)
        >> os.chmod(....)
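An added example, not part of the bug report or of ZODB's code: one way to create a storage file as 0600 regardless of the process umask, next to the plain open() call whose result depends on it. The function names and the file names default.fs and private.fs are hypothetical.

```python
import os
import stat
import tempfile


def create_default(path):
    """Plain open(): resulting mode is 0o666 & ~umask (0o644 under umask 022)."""
    if os.path.exists(path):
        os.remove(path)
    return open(path, "w+b")


def create_private(path):
    """Create path with mode exactly 0o600, whatever the umask is."""
    if os.path.exists(path):
        os.remove(path)
    # O_EXCL: fail instead of reusing a file or symlink that appeared
    # after the remove. Passing 0o600 at creation means the file is
    # never group- or world-readable, not even briefly before a chmod.
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    # umask can only clear bits, so pin the mode explicitly on the fd.
    os.fchmod(fd, 0o600)
    return os.fdopen(fd, "w+b")


def mode_of(path):
    """Permission bits of path, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(umask=0o022):
    """Return (default_mode, private_mode) for files created under umask."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            a = os.path.join(d, "default.fs")  # constructed sample names
            b = os.path.join(d, "private.fs")
            create_default(a).close()
            create_private(b).close()
            return mode_of(a), mode_of(b)
    finally:
        os.umask(old)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

Calling os.chmod() on the path after a plain open() would leave a short window in which the file exists with the umask-derived mode; setting the mode at creation avoids that.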