cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Kinsella (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-6128) Clean up over-permissive filesystem grants in Cloudstack
Date Mon, 17 Feb 2014 17:00:22 GMT
John Kinsella created CLOUDSTACK-6128:
-----------------------------------------

             Summary: Clean up over-permissive filesystem grants in Cloudstack
                 Key: CLOUDSTACK-6128
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6128
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
            Reporter: John Kinsella
             Fix For: 4.4.0


It's not uncommon to find Java code and scripts in ACS that are over-permissive in their attempts
to grant UNIX filesystem permissions. The following is an example from com.cloud.hypervisor.vmware.manager.VmwareManagerImpl.prepareSecondaryStorage:

        script.add("-R", "777", mountPoint);

We should understand and document the UNIX user, group, and filesystem ownership requirements.
If we truely need wide-open filesystem permissions, that too should be documented.

Also, the code should not be blindly attempting to change filesystem permissions and ignoring
the result of the attempts. Code should first check to see if a change is necessary, then
make the necessary change, and then inspect the results, not display an error that may or
may not impact proper execution of the system.

</soapbox> ;)




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message