This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 6c751e7ea3 Fix TR db file permissions (#6918)
6c751e7ea3 is described below
commit 6c751e7ea3937dbe1f46194b88659ff7c8e05de3
Author: Rawlin Peters <[email protected]>
AuthorDate: Wed Jun 22 16:39:25 2022 -0600
Fix TR db file permissions (#6918)
By default, some files created by TR in the /opt/traffic_router/db
directory are world-writable. Make these files only writable by the
owner (typically root) when they're created.
---
.../traffic_router/core/loc/AbstractServiceUpdater.java | 10 ++++++----
.../traffic_router/core/util/AbstractResourceWatcher.java | 2 ++
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git
a/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/loc/AbstractServiceUpdater.java
b/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/loc/AbstractServiceUpdater.java
index c91706c011..abfe3bee3b 100644
---
a/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/loc/AbstractServiceUpdater.java
+++
b/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/loc/AbstractServiceUpdater.java
@@ -308,8 +308,8 @@ public abstract class AbstractServiceUpdater {
deleteDatabase(existingDB);
}
- newDB.setReadable(true, true);
- newDB.setWritable(true, false);
+ newDB.setReadable(true);
+ newDB.setWritable(true);
final boolean renamed = newDB.renameTo(existingDB);
if (!renamed) {
@@ -325,8 +325,8 @@ public abstract class AbstractServiceUpdater {
LOGGER.info("[" + getClass().getSimpleName() + "] Moving
Location database from: " + newDB + ", to: " + existingDB);
for (final File file : existingDB.listFiles()) {
- file.setReadable(true, true);
- file.setWritable(true, false);
+ file.setReadable(true);
+ file.setWritable(true);
file.delete();
}
@@ -367,6 +367,8 @@ public abstract class AbstractServiceUpdater {
}
final File outputFile = File.createTempFile(tmpPrefix,
tmpSuffix);
+ outputFile.setReadable(true);
+ outputFile.setWritable(true);
try (InputStream in = conn.getInputStream();
OutputStream out = new FileOutputStream(outputFile)
) {
diff --git
a/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/util/AbstractResourceWatcher.java
b/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/util/AbstractResourceWatcher.java
index b9e2d0d905..d91824b264 100644
---
a/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/util/AbstractResourceWatcher.java
+++
b/traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/util/AbstractResourceWatcher.java
@@ -154,6 +154,8 @@ public abstract class AbstractResourceWatcher extends
AbstractServiceUpdater {
File databaseFile = null;
try {
databaseFile = File.createTempFile(tmpPrefix,
tmpSuffix);
+ databaseFile.setReadable(true);
+ databaseFile.setWritable(true);
try (FileWriter fw = new FileWriter(databaseFile)) {
fw.write(jsonData);
fw.flush();
