cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daan Hoogland (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-6128) Clean up over-permissive filesystem grants in Cloudstack
Date Thu, 07 Aug 2014 09:28:12 GMT


Daan Hoogland commented on CLOUDSTACK-6128:

John, I saw mails so I think something has been done, still marking it for future due to no
activity in the ticket

> Clean up over-permissive filesystem grants in Cloudstack
> --------------------------------------------------------
>                 Key: CLOUDSTACK-6128
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: John Kinsella
>              Labels: security
>             Fix For: Future
> It's not uncommon to find Java code and scripts in ACS that are over-permissive in their
attempts to grant UNIX filesystem permissions. The following is an example from
>         script.add("-R", "777", mountPoint);
> We should understand and document the UNIX user, group, and filesystem ownership requirements.
If we truely need wide-open filesystem permissions, that too should be documented.
> Also, the code should not be blindly attempting to change filesystem permissions and
ignoring the result of the attempts. Code should first check to see if a change is necessary,
then make the necessary change, and then inspect the results, not display an error that may
or may not impact proper execution of the system.
> </soapbox> ;)

This message was sent by Atlassian JIRA

View raw message