On Mon, Jul 15, 2013 at 5:55 PM, Glynn Clements <gl...@gclements.plus.com> wrote: > > Markus Metz wrote: > >> >From within GRASS, only the owner of a mapset is allowed to start a >> GRASS session in this mapset, i.e. only the owner of a mapset has >> write permissions to this mapset. But a new mapset being a folder in >> the file system is created with mode 0777, thus granting write >> permissions to all. I suggest to change mode from 0777 to 0755 in >> G_mkdir() and add mode = 0755 in gis_set.py. Any objections? > > I don't see why GRASS should be special in this regard. > > The convention is that programs should allow the user to control read > and write permissions via the umask, while execute permission is > determined by the program.
In this case, would it be ok to enforce umask to 0022 in the start up script? > > Programs creating files containing particularly-sensitive information > (e.g. encryption keys) may reasonably impose more restrictive > permissions. With grass data on a network drive with multi-user access, I would regard e.g. the contents of the PERMANENT mapset as particularly-sensitive information. > > GRASS already includes its own ownership check to prevent users from > shooting each other in the foot with shared directories (by creating > subdirectories which the owner cannot remove). So I don't really see > any reason to enforce the policy a second time through filesystem > permissions. An inexperienced user trying to make a backup of a grass dataset, syncing the wrong way... Anyway, I withdraw my suggestion to use 0755 as default mode for mkdir(path, mode). It's probably safer to enforce the system's default mask directly. Markus M _______________________________________________ grass-dev mailing list grass-dev@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/grass-dev
