Re: [devel] [PATCH 1/1] base: remove others/world permissions for mds.log, nid.log, osaf.log and trace files [#3318]

Mon, 08 Aug 2022 00:21:17 -0700 

Hi Thang,

ACK from me.

Best Regards,
Thien

-----Original Message-----
From: Thang Duc Nguyen <thang.d.ngu...@dektech.com.au> 
Sent: Monday, August 1, 2022 11:49 AM
To: Hieu Hong Hoang <hieu.h.ho...@dektech.com.au>; Thien Minh Huynh 
<thien.m.hu...@dektech.com.au>; Minh Hon Chau <minh.c...@dektech.com.au>
Cc: opensaf-devel@lists.sourceforge.net; Thang Duc Nguyen 
<thang.d.ngu...@dektech.com.au>
Subject: [PATCH 1/1] base: remove others/world permissions for mds.log, 
nid.log, osaf.log and trace files [#3318]

Remove others/world permissions for mds.log, nid.log, osaf.log and trace files.
---
 src/base/log_writer.cc | 2 +-
 src/nid/nodeinit.cc    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/base/log_writer.cc b/src/base/log_writer.cc index 
b68566e5c..48bd4bab8 100644
--- a/src/base/log_writer.cc
+++ b/src/base/log_writer.cc
@@ -56,7 +56,7 @@ void LogWriter::Open() {
     int fd;
     do {
       fd = open(log_file(0).c_str(), O_WRONLY | O_CLOEXEC | O_CREAT,
-                S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+                S_IRUSR | S_IWUSR | S_IRGRP);
     } while (fd == -1 && errno == EINTR);
     if (fd >= 0) {
       off_t seek_result = lseek(fd, 0, SEEK_END); diff --git 
a/src/nid/nodeinit.cc b/src/nid/nodeinit.cc index 548c7fb46..2832a3eba 100644
--- a/src/nid/nodeinit.cc
+++ b/src/nid/nodeinit.cc
@@ -724,6 +724,7 @@ int32_t fork_daemon(NID_SPAWN_INFO *service, char *app, 
char *args[],
     }
 
     setsid();
+    umask(026);
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
@@ -810,6 +811,7 @@ int32_t fork_script(NID_SPAWN_INFO *service, char *app, 
char *args[],
 
     sigprocmask(SIG_SETMASK, &omask, NULL);
     setsid();
+    mode_t mask = umask(026);
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
@@ -823,6 +825,7 @@ int32_t fork_script(NID_SPAWN_INFO *service, char *app, 
char *args[],
     if (prio_stat < 0)
       LOG_ER("Failed to set priority for %s", service->serv_name);
 
+    umask(mask);
     /* Reset all the signals */
     for (i = 1; i < NSIG; i++) SETSIG(sa, i, SIG_DFL, SA_RESTART);
 
@@ -878,6 +881,7 @@ int32_t fork_process(NID_SPAWN_INFO *service, char *app, 
char *args[],
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
+    mode_t mask = umask(026);
     if (!freopen(NIDLOG, "a", stdout))
       LOG_ER("freopen stdout: %s", strerror(errno));
 
@@ -890,6 +894,7 @@ int32_t fork_process(NID_SPAWN_INFO *service, char *app, 
char *args[],
         LOG_ER("Failed to set priority for %s", service->serv_name);
     }
 
+    umask(mask);
     /* Reset all the signals */
     for (i = 1; i < NSIG; i++) SETSIG(sa, i, SIG_DFL, SA_RESTART);
 
--
2.25.1



_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to