New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
-sysperms=false (default) doesn't appear to do anything #13371
Comments
can work on this. |
…cSetup() as it is too late there. When the option -sysperms=false (default) is enabled, the created datadirs does not take into account the default umask setting of '077'. Fix moves the umask operation as early as possible inside of bitcoind, and bitcoin-qt. This was needed because by the time AppInitBasicSetup() is called, datadir, has typically already been created. Calling umask earlier ensures any filesystem writes that follows has the correct umask set. Tests: feature_nosysperms.py - validates datadir permissions where -sysperms=false (default)
…ticalswift'. remove commented out code and styling as per PEP.
…1221'. - add check for windows platform, feature_nosysperms.py will explicitly skip the test if 'Windows' platform is detected.
… to be invalid if bitcoind is built with NO_WALLET=1. That is -sysperms will fail if not accompanied with -disablewallet option
So, Bitcoin Core creates files as expected ;) |
…cSetup() as it is too late there. When the option -sysperms=false (default) is enabled, the created datadirs does not take into account the default umask setting of '077'. Fix moves the umask operation as early as possible inside of bitcoind, and bitcoin-qt. This was needed because by the time AppInitBasicSetup() is called, datadir, has typically already been created. Calling umask earlier ensures any filesystem writes that follows has the correct umask set. Tests: feature_sysperms.py - validates datadir permissions where -sysperms=false (default) Notes: '-sysperms' option requires '-disablewallet' - add check for windows platform, feature_nosysperms.py will explicitly skip the test if 'Windows' platform is detected. if bitcoind is built with NO_WALLET=1. That is -sysperms will fail if not accompanied with -disablewallet option
…cSetup() as it is too late there. When the option -sysperms=false (default) is enabled, the created datadirs does not take into account the default umask setting of '077'. Fix moves the umask operation as early as possible inside of bitcoind, and bitcoin-qt. This was needed because by the time AppInitBasicSetup() is called, datadir, has typically already been created. Calling umask earlier ensures any filesystem writes that follows has the correct umask set. Tests: feature_sysperms.py - validates datadir permissions where -sysperms=false (default) Notes: '-sysperms' option requires '-disablewallet' - add check for windows platform, feature_nosysperms.py will explicitly skip the test if 'Windows' platform is detected. if bitcoind is built with NO_WALLET=1. That is -sysperms will fail if not accompanied with -disablewallet option
I assume you're referring to these docs:
I don't know where to find bitcoind's default values, but you mention this setting is by default Running Perhaps the help text would be more readable if it said:
In fact, this is what the commit message that introduced this change said!
Link to help text: https://github.com/bitcoin/bitcoin/blob/master/src/init.cpp#L430 Shall I make that change @TheBlueMatt ? |
Hello, I'd like to tackle this issue. Is this issue still open ? |
Fixes bitcoin#13371 Currently we check the config file before applying the effect of the `-sysperms` program option. On first boot, this can result in directories (and settings.json file) being created with incorrect permissions.
Fixes bitcoin#13371 Currently we check the config file before applying the effect of the `-sysperms` program option. On first boot, this can result in directories (and settings.json file) being created with incorrect permissions.
Fixes bitcoin#13371 Currently we check the config file before applying the effect of the `-sysperms` program option. On first boot, this can result in directories (and settings.json file) being created with incorrect permissions.
Just to check: System: Ubuntu 22.04 I've tested creating a new datadir on master with default bitcoind settings (i.e. without setting For directories expect: 777 - 077 = 700 = It created the following:
It seems to have used the system umask to create This happens because Starting with For directories expect: 777 - 002 = 775 = Which creates the following:
I have a PR which results in the following (correct) filestructure when started without the
And with
I would be interested in more feedback on whether such a change is desirable because changing the default file permissions could possibly break things upstream for other projects? |
Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I'm misreading the docs but it appears umask(077) isnt doing anything.
The text was updated successfully, but these errors were encountered: