forwarded 606844 rrd-develop...@lists.oetiker.ch thanks Hi,
On Sun, Dec 12, 2010 at 11:14:58AM +0100, Witold Baryluk wrote: > Strange, but > when I start rrdcached with default debian options, i have > > # ls -l /var/run/rrdcached.sock -l > srwxr-xr-x 1 root root 0 12-12 10:51 /var/run/rrdcached.sock > # > > but when I add "-s adm" at th begining of options, i have > > # ls -l /var/run/rrdcached.sock -l > srwxrw---- 1 root adm 0 12-12 10:52 /var/run/rrdcached.sock > # > > Shouldn't socket also in default mode also use 760 or 770 ? > Isn't default mode somehow unsecure *755" !? Yeah, this should be more consistent. Anyway, a few things to note: - changing the behavior would be a backward incompatible change - some operating systems don't care about file permissions of a UNIX socket (however, Linux does take them into account) - I'm not sure what the best behavior would be; I don't consider 755 insecure for most use-cases, so that could still be a good default Anyway, once a solution has been agreed upon, a fix will be easy. Currently, rrdcached calls chmod only if -s was specified on the command line: chmod(path, (S_IRUSR|S_IWUSR|S_IXUSR | S_IRGRP|S_IWGRP) That is, by default, you get permissions based on your umask and 770 else. Forwarding this upstream for further input. Cheers, Sebastian -- Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/ Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
signature.asc
Description: Digital signature