wtautz wrote:
>> Well.. this is the piece of code that creates the override dir after an image
>> retrieval from a golden client (see
>> http://svn.systemimager.org/filedetails.php?repname=systemimager&path=%2Ftrunk%2Flib%2FSystemImager%2FServer.pm&rev=0&sc=0
>> function create_autoinstall_script):
>>
>> ### BEGIN overrides stuff ###
>> # Create default overrides directory. -BEF-
>> #
>> my $override_dir = $config->default_override_dir;
>> my $dir = "$override_dir/$script_name";
>> if (! -d "$dir") {
>> mkdir("$dir", 0755) or die "FATAL: Can't make directory $dir\n";
>> }
>>
>> It means that if an override dir doesn't exist it's created using the right
>> permissions 0755.
>>
> Perhaps explicitly checking that the mode is correct is necessary.
> If one reads the description of mkdir in the perl book mkdir FILENAME, MASK
> where "MASK as modified by the current umask". So it would seem that the
> umask
> setting clearly effects how the mkdir command works. It might be better
> to create
> the directory and then use chmod after the fact?
>
>From MKDIR(2):
"[...] the permissions of the created directory are (mode & ~umask & 0777)"
So, I agree that a chmod after mkdir could be a safer way to be sure to
not touch the "default" permission bitmask for the / in the clients,
that could be quite dangerous under some circumstances.
I'm going to test the following patch and check it in the trunk. Any
objection?
Thanks for reporting,
-Andrea
Index: lib/SystemImager/Server.pm
===================================================================
--- lib/SystemImager/Server.pm (revision 4299)
+++ lib/SystemImager/Server.pm (working copy)
@@ -2090,6 +2090,15 @@
my $dir = "$override_dir/$script_name";
if (! -d "$dir") {
mkdir("$dir", 0755) or die "FATAL: Can't make directory $dir\n";
+ # Be sure to properly set the correct permissions bitmask in the
+ # overrides, in fact according to MKDIR(2):
+ #
+ # [...] the permissions of the created directory are (mode & ~umask &
0777).
+ #
+ # A non-standard permission mask in the root of the clients can lead to
+ # serious problems, so it's better to enforce the right bitmask directly
+ # using a chmod() after the mkdir().
+ chmod(0755, "$dir");
}
close($MASTER_SCRIPT);
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
sisuite-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sisuite-users
