Dan Kenigsberg has posted comments on this change.

Change subject: Alert if vdsm log has wrong user\group permissions
......................................................................


Patch Set 2: I would prefer that you didn't submit this

(3 inline comments)

....................................................
File vdsm/vdsmd.init.in
Line 102:     done
Line 103: }
Line 104: 
Line 105: verify_log_permissions() {
Line 106:     VDSM_USER=`id -u vdsm`
generally, a safer way for this verification is to try opening the log with 
write permissions after setuid to vdsm.
Line 107:     VDSM_GROUP=`id -g vdsm`
Line 108:     LOG_OWNER=`stat -c "%u" @VDSMLOGDIR@/vdsm.log`
Line 109:     LOG_GROUP=`stat -c "%g" @VDSMLOGDIR@/vdsm.log`
Line 110:     if [[ $VDSM_USER -ne $LOG_OWNER || $VDSM_GROUP -ne $LOG_GROUP ]]; 
then


Line 106:     VDSM_USER=`id -u vdsm`
Line 107:     VDSM_GROUP=`id -g vdsm`
Line 108:     LOG_OWNER=`stat -c "%u" @VDSMLOGDIR@/vdsm.log`
Line 109:     LOG_GROUP=`stat -c "%g" @VDSMLOGDIR@/vdsm.log`
Line 110:     if [[ $VDSM_USER -ne $LOG_OWNER || $VDSM_GROUP -ne $LOG_GROUP ]]; 
then
please avoid bashisms like [[, Ryan dislikes them ;-)

please avoid unquoted shell variables, I dislike them, since a single space 
char in them can crash scripts.
Line 111:         return 1
Line 112:     fi
Line 113:     return 0
Line 114: }
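Review bot: In verify_log_permissions (lines 106-110) only the numeric owner and group are compared, so a vdsm.log with matching ownership but no write bit still passes, and a missing vdsm.log makes both stat calls fail and leaves LOG_OWNER and LOG_GROUP empty before the comparison. Suggest checking that the file exists first, quoting every expansion, and testing writability rather than ownership alone.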


Line 506:           test_conflicting_conf); then
Line 507:         return 1
Line 508:     fi
Line 509: 
Line 510:     if [ verify_log_permissions != 0 ]; then
no need for [.

 if ! verify_log_permissions; then
Line 511:         log_failure_msg "Permissions error with vdsm log file"
Line 512:         return 1
Line 513:     fi
Line 514: 
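Review bot: On line 510, `[ verify_log_permissions != 0 ]` never runs the function: it compares the literal string "verify_log_permissions" with "0", which is always true, so start-up would always log the permissions error and return 1. Call the function and branch on its exit status instead, as in `if ! verify_log_permissions; then`.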


--
To view, visit http://gerrit.ovirt.org/9118
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I8bd379803b01627d6897992ee8798c6a22195b0f
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: Antoni Segura Puimedon <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Saggi Mizrahi <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
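
The review's suggestion of opening the log for writing as the vdsm user, written out as an added example (not code from the patch or from vdsm). The function name `log_writable_as` and the caller shown in the comment are hypothetical, and the user switch assumes util-linux `runuser` and a root caller.

```shell
#!/bin/sh
# Added example: probe whether USER can really append to LOGFILE instead of
# comparing uid/gid numbers. POSIX sh only: no [[ ]], every expansion quoted.

# log_writable_as USER LOGFILE
# Returns 0 if USER can open LOGFILE for appending, non-zero otherwise.
log_writable_as() {
    user=$1
    logfile=$2

    # A missing file or a directory is a failure; never let the probe create it.
    [ -f "$logfile" ] || return 1

    # ': >> file' opens for append and writes nothing, so the log is untouched.
    # It runs in a child sh because a failed redirection on the special
    # builtin ':' may terminate a POSIX shell.
    if [ "$(id -un)" = "$user" ]; then
        sh -c ': >> "$1"' sh "$logfile" 2>/dev/null
    else
        # Switching user needs root, which an init script has.
        runuser -u "$user" -- sh -c ': >> "$1"' sh "$logfile" 2>/dev/null
    fi
}

# Hypothetical caller, shaped like the init script's start-up check:
#   if ! log_writable_as vdsm "$VDSM_LOG"; then
#       log_failure_msg "Permissions error with vdsm log file"
#       return 1
#   fi
```

Because the probe exercises the real open, it also catches a read-only mode, a read-only mount or a restrictive parent directory, none of which an owner and group comparison would see.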
