On 4.9.2014 18:31, Martin Basti wrote:
> On 04/09/14 17:55, Petr Spacek wrote:
>> Hello,
>>
>> Create temporary directories with ug=rwx,o= permissions.
>>
>> Zero group permissions do not allow to use POSIX ACLs which is
>> undesirable.
>
> NACK
> It creates drwxr-x--- permissions (umask problem)

Thank you for catching this. This version of the patch should fix the problem. It is not very nice but I don't see any better solution.

--
Petr^2 Spacek
From 2bcf23d57eb67bf29d88bb1682ff32f58ee6a070 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Thu, 4 Sep 2014 15:43:49 +0200
Subject: [PATCH] Create temporary directories with ug=rwx,o= permissions.

Zero group permissions do not allow to use POSIX ACLs which is
undesirable.

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/fs.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/fs.c b/src/fs.c
index 255026a23e1703048073e2b584ac5602bc05f85d..174ea01b72fa7542e6b89b2311d492201996eac7 100644
--- a/src/fs.c
+++ b/src/fs.c
@@ -40,24 +40,40 @@ isc_result_t
 fs_dir_create(const char *dir_name)
 {
 	isc_result_t result;
+	const mode_t dir_mode = S_IRWXU | S_IRWXG;
 	char dir_curr[PATH_MAX + 1] = "";
 	isc_dir_t dir_handle;
 	int ret;
 
 	REQUIRE(dir_name != NULL);
 
 	if (getcwd(dir_curr, sizeof(dir_curr) - 1) == NULL)
 		strncpy(dir_curr, msg_getcwd_failed, sizeof(dir_curr));
-	ret = mkdir(dir_name, 0700);
+	ret = mkdir(dir_name, dir_mode);
 	if (ret == 0)
 		result = ISC_R_SUCCESS;
 	else
 		result = isc__errno2result(errno);
 
 	if (result != ISC_R_SUCCESS && result != ISC_R_FILEEXISTS) {
 		log_error_r("unable to create directory '%s', working directory "
 			    "is '%s'", dir_name, dir_curr);
 		return result;
+
+	} else if (result == ISC_R_SUCCESS) {
+		/* umask hack for new directories: BIND is multi-threaded and
+		 * I don't want to change umask for all threads or add locking
+		 * solely for this purpose. */
+		ret = chmod(dir_name, dir_mode);
+		if (ret == 0)
+			result = ISC_R_SUCCESS;
+		else {
+			result = isc__errno2result(errno);
+			log_error_r("unable to chmod directory '%s', "
+				    "working directory is '%s'",
+				    dir_name, dir_curr);
+			return result;
+		}
 	}
 
 	/* Verify that the directory is accessible */
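
Review bot: the `chmod(dir_name, dir_mode)` call in the new `else if (result == ISC_R_SUCCESS)` branch only runs for a directory this call has just created, so when `mkdir` reports `ISC_R_FILEEXISTS` a directory left behind by the old `mkdir(dir_name, 0700)` keeps its mode and the group still gets no access. Either apply the mode in the `ISC_R_FILEEXISTS` case too, or say in the comment that existing directories are deliberately left alone. Separately, `chmod` resolves `dir_name` a second time and follows symlinks, so if the parent directory is writable by another user the mode change may land on something other than the directory `mkdir` created; opening the new directory with `O_DIRECTORY | O_NOFOLLOW` and calling `fchmod` on that descriptor would avoid this. Minor: `result = ISC_R_SUCCESS` after a successful `chmod` is redundant, since `result` is already `ISC_R_SUCCESS` inside this branch.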
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel