John Kinsella created CLOUDSTACK-6128:
-----------------------------------------
Summary: Clean up over-permissive filesystem grants in Cloudstack
Key: CLOUDSTACK-6128
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6128
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Reporter: John Kinsella
Fix For: 4.4.0

It's not uncommon to find Java code and scripts in ACS that are over-permissive
in their attempts to grant UNIX filesystem permissions. The following is an
example from
com.cloud.hypervisor.vmware.manager.VmwareManagerImpl.prepareSecondaryStorage:

    script.add("-R", "777", mountPoint);

We should understand and document the UNIX user, group, and filesystem
ownership requirements. If we truly need wide-open filesystem permissions,
that too should be documented.
Also, the code should not be blindly attempting to change filesystem
permissions and ignoring the result of the attempts. Code should first check to
see if a change is necessary, then make the necessary change, and then inspect
the results, not display an error that may or may not impact proper execution
of the system.
</soapbox> ;)