Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B89A4118A6 for ; Mon, 2 Jun 2014 17:03:01 +0000 (UTC) Received: (qmail 29788 invoked by uid 500); 2 Jun 2014 17:03:01 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 29746 invoked by uid 500); 2 Jun 2014 17:03:01 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 29736 invoked by uid 99); 2 Jun 2014 17:03:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Jun 2014 17:03:01 +0000 X-ASF-Spam-Status: No, hits=-2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Chiradeep.Vittal@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Jun 2014 17:02:57 +0000 X-IronPort-AV: E=Sophos;i="4.98,957,1392163200"; d="scan'208,217";a="138690488" Received: from sjcpex01cl01.citrite.net ([10.216.14.143]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/AES128-SHA; 02 Jun 2014 17:02:35 +0000 Received: from SJCPEX01CL02.citrite.net ([169.254.2.128]) by SJCPEX01CL01.citrite.net ([10.216.14.143]) with mapi id 14.03.0181.006; Mon, 2 Jun 2014 10:02:34 -0700 From: Chiradeep Vittal To: Sebastien Goasguen , "dev@cloudstack.apache.org" , Alex Huang CC: Frank Zhang Subject: Re: Why does cloudstack-setup-management make /root writable? Thread-Topic: Why does cloudstack-setup-management make /root writable? Thread-Index: AQHPfJ7urGw6mgWn20mkPvoAujq01ptav7yAgACCYICAAp8iAIAALmQA Date: Mon, 2 Jun 2014 17:02:33 +0000 Message-ID: References: <53898471.3050507@gmail.com> <5389F1CF.8030706@apache.org> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.4.1.140326 x-originating-ip: [10.13.107.78] Content-Type: multipart/alternative; boundary="_000_CFB1FC1945A98chiradeepvittalcitrixcom_" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org --_000_CFB1FC1945A98chiradeepvittalcitrixcom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable No idea, but +1 on removing it. From: Sebastien Goasguen > Date: Monday, June 2, 2014 at 12:16 AM To: "dev@cloudstack.apache.org" >, Alex Huang >, Chiradeep Vittal > Subject: Re: Why does cloudstack-setup-management make /root writable? On May 31, 2014, at 11:14 AM, Milamber > wrote: A related ticket has been open in Jira https://issues.apache.org/jira/browse/CLOUDSTACK-6673 Let me copy Alex and Chiradeep, they might have some background about this. Le 31/05/2014 08:27, ilya musayev a ecrit : I really dont know why. I guess we can figure out who made the commit and a= sk for rationale on this, but i'm not aware of any reason why /root must be= 777. Big security hole in my opinion. I'd say to give it a try in your env first, if your tests pass, commit. On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote: Hi, Does anyone know the reason why cloudstack-setup-management make /root directory mode 777 in ubuntu? https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serv= iceConfig.py#L767 If no one have objection, I will remove this code. Regards, Noji --_000_CFB1FC1945A98chiradeepvittalcitrixcom_--