Hi Minh,
the "sticky" bit here is in fact the "restricted deletion bit"; it is
used on directories,
e.g. the /tmp directory, where several users have r/w access but, when the
't' bit is
set, only the file owners may delete their files. It should not be set on
files, only on directories,
and I don't think it is needed here. /Thanks HansN
On 11/5/18 09:56, Minh Anh Du wrote:
> There are files, sockets and pipes that have world-writable permission,
> but only the root user and the owner should be able to create/delete
> these files. The sticky bit should be set on these sockets and pipes
> for security reasons.
> ---
> src/base/daemon.c | 2 +-
> src/base/osaf_secutil.c | 2 +-
> src/dtm/transport/log_server.cc | 2 +-
> src/nid/agent/nid_ipc.c | 2 +-
> 4 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/src/base/daemon.c b/src/base/daemon.c
> index cdde7fd..50ddc50 100644
> --- a/src/base/daemon.c
> +++ b/src/base/daemon.c
> @@ -162,7 +162,7 @@ static void create_fifofile(const char *fifofile)
>
> mask = umask(0);
>
> - if (mkfifo(fifofile, 0666) == -1) {
> + if (mkfifo(fifofile, 01666) == -1) {
> if (errno == EEXIST) {
> syslog(LOG_INFO, "mkfifo already exists: %s %s",
> fifofile, strerror(errno));
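Review bot: The `EEXIST` branch under the changed `mkfifo` call only logs at `LOG_INFO`, and the mode argument has no effect on a node that already exists, so a pre-existing entry at `fifofile` keeps whatever type, owner and mode it had. What `create_fifofile` does after the log call is outside this hunk, but if it goes on to open the path it should first confirm what it found, for example with an `lstat()` followed by `if (!S_ISFIFO(st.st_mode)) { /* refuse and log */ }` plus a check that the owner is the expected account. Separately, `umask(0)` is process-wide, so any file created by another thread before the mask is restored gets an unrestricted mode; the same pattern is visible in the `nid_create_ipc` hunk.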
> diff --git a/src/base/osaf_secutil.c b/src/base/osaf_secutil.c
> index 0e175c9..71e512a 100644
> --- a/src/base/osaf_secutil.c
> +++ b/src/base/osaf_secutil.c
> @@ -147,7 +147,7 @@ static int server_sock_create(const char *pathname)
> }
>
> /* Connecting to the socket object requires read/write permission. */
> - if (chmod(pathname, 0777) == -1) {
> + if (chmod(pathname, 01777) == -1) {
> LOG_ER("%s: chmod failed - %s", __FUNCTION__, strerror(errno));
> return -1;
> }
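Review bot: The comment above the `chmod` says connecting needs read/write permission, yet the mode also grants execute to everyone, which is not needed to connect to a socket; `0666` would match the stated intent, and the comment should say why access for all users is required. `chmod` also acts on the path rather than on the object that was just created, so if the socket's directory is writable by other users the name may no longer refer to the same object when the call runs. The socket creation itself is presumably earlier in `server_sock_create`, outside this hunk; keeping the socket in a directory that only the service account can modify would close that window.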
> diff --git a/src/dtm/transport/log_server.cc b/src/dtm/transport/log_server.cc
> index bef1f07..866fe59 100644
> --- a/src/dtm/transport/log_server.cc
> +++ b/src/dtm/transport/log_server.cc
> @@ -35,7 +35,7 @@ LogServer::LogServer(int term_fd)
> max_backups_{9},
> max_file_size_{5 * 1024 * 1024},
> log_socket_{Osaflog::kServerSocketPath,
> base::UnixSocket::kNonblocking,
> - 0777},
> + 01777},
> log_streams_{},
> current_stream_{new LogStream{kMdsLogStreamName, 1, 5 * 1024 * 1024}},
> no_of_log_streams_{1} {
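Review bot: The bare octal literal passed as the last argument of `log_socket_` carries no explanation; presumably it is the mode of the socket file, in which case every local account can connect to the log server. A named constant (for example `kLogSocketMode`) with a one-line comment stating which processes are expected to connect would make that decision reviewable at the call site. Whether the server authenticates or rate-limits senders is not visible here, and the constructor's initializer list starts above this hunk.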
> diff --git a/src/nid/agent/nid_ipc.c b/src/nid/agent/nid_ipc.c
> index 172063a..eae8de3 100644
> --- a/src/nid/agent/nid_ipc.c
> +++ b/src/nid/agent/nid_ipc.c
> @@ -66,7 +66,7 @@ uint32_t nid_create_ipc(char *strbuf)
> mask = umask(0);
>
> /* Create nid fifo */
> - if (mkfifo(NID_FIFO, 0666) < 0) {
> + if (mkfifo(NID_FIFO, 01666) < 0) {
> sprintf(strbuf, " FAILURE: Unable To Create FIFO Error:%s\n",
> strerror(errno));
> umask(mask);
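Review bot: The failure path formats into `strbuf` with `sprintf`, and `nid_create_ipc(char *strbuf)` receives no buffer length, so nothing bounds the write; the length of the `strerror(errno)` text varies by platform and locale. If every caller passes a buffer of one known size, `snprintf(strbuf, <CALLER_BUFFER_SIZE>, ...)` would bound it, but that size is not visible in this hunk and would need to be confirmed against the callers. The function body continues past the end of the hunk.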