Markus Metz wrote: > >From within GRASS, only the owner of a mapset is allowed to start a > GRASS session in this mapset, i.e. only the owner of a mapset has > write permissions to this mapset. But a new mapset being a folder in > the file system is created with mode 0777, thus granting write > permissions to all. I suggest to change mode from 0777 to 0755 in > G_mkdir() and add mode = 0755 in gis_set.py. Any objections?
I don't see why GRASS should be special in this regard. The convention is that programs should allow the user to control read and write permissions via the umask, while execute permission is determined by the program. But the umask can only remove permissions, not add them. So in order for the permissions to be fully under the control of the user, programs must use 0777 for directories and executable files, and 0666 for non-executable files. Programs creating files containing particularly-sensitive information (e.g. encryption keys) may reasonably impose more restrictive permissions. Complex programs may allow permissions to be configured via options and/or configuration files if the umask is too blunt an instrument (i.e. the program creates different categories of file or directory, and the desired permissions are likely to differ by category). GRASS already includes its own ownership check to prevent users from shooting each other in the foot with shared directories (by creating subdirectories which the owner cannot remove). So I don't really see any reason to enforce the policy a second time through filesystem permissions. -- Glynn Clements <gl...@gclements.plus.com> _______________________________________________ grass-dev mailing list grass-dev@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/grass-dev
