On 15-Jul-2014, Michael Hrivnak wrote: > The impact of this behavior is that unless a user knows to > explicitly set a safe umask on their daemon processes, they could > end up with world-writable files without realizing it.
I am planning to make this change to the Daemoncontext docstring:: $ bzr diff === modified file 'daemon/daemon.py' --- daemon/daemon.py revid:[email protected] +++ daemon/daemon.py 2014-08-01 02:26:35 +0000 @@ -112,6 +112,11 @@ starting the daemon will reset the umask to this value so that files are created by the daemon with access modes as it expects. + *Note*: The default of 0 is insecure, but is expected by + convention for a Unix daemon. Set a specific umask value, + either with this parameter, or later in the program with + an explicit ‘os.umask’ call. + `pidfile` :Default: ``None`` Is that sufficiently explanatory? -- \ “I just got out of the hospital; I was in a speed-reading | `\ accident. I hit a bookmark and flew across the room.” —Steven | _o__) Wright | Ben Finney <[email protected]>
signature.asc
Description: Digital signature
_______________________________________________ python-daemon-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-daemon-devel
