Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Univention (UCS): change umask only temporary
Before, the univention-bareos UCS listener module did change the umask permanently. However this impacts ofter functionality of the UCS Listener. Therefore the change the umask only temporary.
- Loading branch information
1 parent
c5e3d4d
commit da72d6e
Showing
1 changed file
with
17 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you change the
umask
, it's better to wrap it into atry: .. finally: ...
block as otherwise you risk obscure cases, where an exception (IOError
,KeyboardInterrupted
,SystemExit
, ...) is thrown and the umask is not restored.So my recommendation is to use:
or not change the process-global
umask
at all by using my approach from https://help.univention.com/t/check-univention-replication-fails-after-some-time/9282/9da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right. I added a commit (#178) with the try/finally statement. I decided against the patch you proposed, as I preferred creating the file with limited permissions instead of changing the permission after writing sensible data into it.
da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is why I called
os.fchmod()
andos.fchown()
before writing data.But you are right that there still would be a vulnerability between the
open()
and those calls ifumask
would allow creating world-writeable files.da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
using
os.open()
instead ofopen()
allows to set the file-mask while creating the file. No fiddling with the umask or calls to chmod required.da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I know of
os.open()
, but please be aware thatumask
is still masked out from itsmode
argument.Just FYI, no need for additional actions.
da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, but IMO the umask is up to the user so she can restrict permissions of created files and directories even more.
Maybe we should look at this again @franku @joergsteffens ?
da72d6e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I remember correctly a process being daemonized should call
umask(0)
. A quick search did not show any rational for this.In contrast to that man:systemd.exec(5) lists
umask(0o0022)
as its default, which looks sane for to me: creating word-writeable files is very rare. For security sensitive daemons I would even go for0o027
or0o077
depending on if the daemon has a per-user-group or not.