wtautz wrote:
> Andrea Righi wrote:
>> wtautz wrote:
>>
>>>> Well.. this is the piece of code that creates the override dir after an
>>>> image
>>>> retrieval from a golden client (see
>>>> http://svn.systemimager.org/filedetails.php?repname=systemimager&path=%2Ftrunk%2Flib%2FSystemImager%2FServer.pm&rev=0&sc=0
>>>> function create_autoinstall_script):
>>>>
>>>> ### BEGIN overrides stuff ###
>>>> # Create default overrides directory. -BEF-
>>>> #
>>>> my $override_dir = $config->default_override_dir;
>>>> my $dir = "$override_dir/$script_name";
>>>> if (! -d "$dir") {
>>>> mkdir("$dir", 0755) or die "FATAL: Can't make directory $dir\n";
>>>> }
>>>>
>>>> It means that if an override dir doesn't exist it's created using the right
>>>> permissions 0755.
>>>>
>>>>
>>> Perhaps explicitly checking that the mode is correct is necessary.
>>> If one reads the description of mkdir in the perl book mkdir FILENAME, MASK
>>> where "MASK as modified by the current umask". So it would seem that the
>>> umask
>>> setting clearly effects how the mkdir command works. It might be better
>>> to create
>>> the directory and then use chmod after the fact?
>>>
>>>
>> >From MKDIR(2):
>>
>> "[...] the permissions of the created directory are (mode & ~umask & 0777)"
>>
>> So, I agree that a chmod after mkdir could be a safer way to be sure to
>> not touch the "default" permission bitmask for the / in the clients,
>> that could be quite dangerous under some circumstances.
>>
>> I'm going to test the following patch and check it in the trunk. Any
>> objection?
>>
>>
> Thanks Andrea for considering the change. Another thought occurs to me,
> namely,
> the overrides directory should, perhaps, have identical permissions as
> the permissions on the golden client? So the task should perhaps be
> to accurately duplicate the setting in
> /var/lib/systemimager/images/<particular-image>?
> Obviously if a user chooses to alter the settings manually that's their
> business but
> upon initial creation it should duplicate the golden client settings.
>
Sounds good! New version of the patch below (untested). Tests and
comments are welcome.
-Andrea
Index: lib/SystemImager/Server.pm
===================================================================
--- lib/SystemImager/Server.pm (revision 4299)
+++ lib/SystemImager/Server.pm (working copy)
@@ -2090,6 +2090,17 @@
my $dir = "$override_dir/$script_name";
if (! -d "$dir") {
mkdir("$dir", 0755) or die "FATAL: Can't make directory $dir\n";
+ # Be sure to properly set the correct permissions bitmask in the
+ # overrides, in fact according to MKDIR(2):
+ #
+ # [...] the permissions of the created directory are (mode & ~umask &
0777).
+ #
+ # A non-standard permission mask in the root of the clients can lead to
+ # serious problems, so it's better to enforce the right bitmask directly
+ # using a chmod() after the mkdir().
+ #
+ # The best solution here is to use the same permission mask of the image.
+ chmod(((stat($image_dir))[2] & 07777), "$dir");
}
close($MASTER_SCRIPT);
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
sisuite-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sisuite-users
