[devel] [PATCH 1/1] base: remove others/world permissions for mds.log, nid.log, osaf.log and trace files [#3318]

Sun, 31 Jul 2022 22:23:20 -0700 

Remove others/world permissions for mds.log, nid.log,
osaf.log and trace files.
---
 src/base/log_writer.cc | 2 +-
 src/nid/nodeinit.cc    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/base/log_writer.cc b/src/base/log_writer.cc
index b68566e5c..48bd4bab8 100644
--- a/src/base/log_writer.cc
+++ b/src/base/log_writer.cc
@@ -56,7 +56,7 @@ void LogWriter::Open() {
     int fd;
     do {
       fd = open(log_file(0).c_str(), O_WRONLY | O_CLOEXEC | O_CREAT,
-                S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+                S_IRUSR | S_IWUSR | S_IRGRP);
     } while (fd == -1 && errno == EINTR);
     if (fd >= 0) {
       off_t seek_result = lseek(fd, 0, SEEK_END);
diff --git a/src/nid/nodeinit.cc b/src/nid/nodeinit.cc
index 548c7fb46..2832a3eba 100644
--- a/src/nid/nodeinit.cc
+++ b/src/nid/nodeinit.cc
@@ -724,6 +724,7 @@ int32_t fork_daemon(NID_SPAWN_INFO *service, char *app, 
char *args[],
     }
 
     setsid();
+    umask(026);
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
@@ -810,6 +811,7 @@ int32_t fork_script(NID_SPAWN_INFO *service, char *app, 
char *args[],
 
     sigprocmask(SIG_SETMASK, &omask, NULL);
     setsid();
+    mode_t mask = umask(026);
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
@@ -823,6 +825,7 @@ int32_t fork_script(NID_SPAWN_INFO *service, char *app, 
char *args[],
     if (prio_stat < 0)
       LOG_ER("Failed to set priority for %s", service->serv_name);
 
+    umask(mask);
     /* Reset all the signals */
     for (i = 1; i < NSIG; i++) SETSIG(sa, i, SIG_DFL, SA_RESTART);
 
@@ -878,6 +881,7 @@ int32_t fork_process(NID_SPAWN_INFO *service, char *app, 
char *args[],
     if (!freopen("/dev/null", "r", stdin))
       LOG_ER("freopen stdin: %s", strerror(errno));
 
+    mode_t mask = umask(026);
     if (!freopen(NIDLOG, "a", stdout))
       LOG_ER("freopen stdout: %s", strerror(errno));
 
@@ -890,6 +894,7 @@ int32_t fork_process(NID_SPAWN_INFO *service, char *app, 
char *args[],
         LOG_ER("Failed to set priority for %s", service->serv_name);
     }
 
+    umask(mask);
     /* Reset all the signals */
     for (i = 1; i < NSIG; i++) SETSIG(sa, i, SIG_DFL, SA_RESTART);
 
-- 
2.25.1



_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to