New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please set sensible file-permissions (don't rely on umask) #620

Open
madduck opened this Issue Jan 12, 2016 · 2 comments

Comments

Projects
None yet
4 participants
@madduck

madduck commented Jan 12, 2016

At least munin-html uses umask to determine the permission on files it generates. As I have umask set at 077 (of course, for shell sessions), this means running things manually yields unreadable HTML files.

@sumpfralle

This comment has been minimized.

Show comment
Hide comment
@sumpfralle

sumpfralle Feb 24, 2018

Collaborator

Currently there is no configuration setting for file permissions created by munin.

Thus I think, there could be three approaches:

  1. allow umask to influence munin's operation (this is the current situation)
  2. ignore umask and use a hardcoded 644 permission for all generated files
  3. add a configuration setting for the wanted permissions of new files (ignoring umask)

I think, your request points at (2).
I would try to avoid (3), since I do not consider it to be worth the effort.
I would slightly prefer (1) over (2), since it allows configuration. But I do not really have an opinion.

Thus I am tempted to dismiss this feature request.
But if you think, that (2) would be preferable, a single sentence of reasoning would surely convince me.

Collaborator

sumpfralle commented Feb 24, 2018

Currently there is no configuration setting for file permissions created by munin.

Thus I think, there could be three approaches:

  1. allow umask to influence munin's operation (this is the current situation)
  2. ignore umask and use a hardcoded 644 permission for all generated files
  3. add a configuration setting for the wanted permissions of new files (ignoring umask)

I think, your request points at (2).
I would try to avoid (3), since I do not consider it to be worth the effort.
I would slightly prefer (1) over (2), since it allows configuration. But I do not really have an opinion.

Thus I am tempted to dismiss this feature request.
But if you think, that (2) would be preferable, a single sentence of reasoning would surely convince me.

@madduck

This comment has been minimized.

Show comment
Hide comment
@madduck

madduck Feb 24, 2018

I think the easiest fix would be to to set umask early on in the script for munin-html, or a wrapper script, to 022, because I see no reason why the permissions on HTML files should be any different.

Alternatively, maybe a warning could be issued if umask 077 is encountered.

Anyway, thanks for taking your time to think about this. If you prefer to dismiss, then that's okay. You are the authority here. ;)

madduck commented Feb 24, 2018

I think the easiest fix would be to to set umask early on in the script for munin-html, or a wrapper script, to 022, because I see no reason why the permissions on HTML files should be any different.

Alternatively, maybe a warning could be issued if umask 077 is encountered.

Anyway, thanks for taking your time to think about this. If you prefer to dismiss, then that's okay. You are the authority here. ;)

@sumpfralle sumpfralle modified the milestones: 2.0.26, 2.0.35 Mar 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment