[ https://issues.apache.org/jira/browse/CLOUDSTACK-6128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daan Hoogland updated CLOUDSTACK-6128:
--------------------------------------

    Fix Version/s:     (was: 4.4.0)
                   Future

> Clean up over-permissive filesystem grants in Cloudstack
> --------------------------------------------------------
>
>                 Key: CLOUDSTACK-6128
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6128
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>            Reporter: John Kinsella
>              Labels: security
>             Fix For: Future
>
>
> It's not uncommon to find Java code and scripts in ACS that are 
> over-permissive in their attempts to grant UNIX filesystem permissions. The 
> following is an example from 
> com.cloud.hypervisor.vmware.manager.VmwareManagerImpl.prepareSecondaryStorage:
>         script.add("-R", "777", mountPoint);
> We should understand and document the UNIX user, group, and filesystem 
> ownership requirements. If we truly need wide-open filesystem permissions, 
> that too should be documented.
> Also, the code should not be blindly attempting to change filesystem 
> permissions and ignoring the result of the attempts. Code should first check 
> to see if a change is necessary, then make the necessary change, and then 
> inspect the results, not display an error that may or may not impact proper 
> execution of the system.
> </soapbox> ;)



--
This message was sent by Atlassian JIRA
(v6.2#6252)
