umask(0) in all binaries
Christof Schmitt
cs at samba.org
Mon Nov 4 14:26:13 MST 2013
On Mon, Nov 04, 2013 at 12:25:29PM -0800, Jeremy Allison wrote:
> On Mon, Nov 04, 2013 at 12:54:23PM -0700, Christof Schmitt wrote:
> > I have been chasing an issue where the permissions on /var/ctdb/samba
> > are set to 0700 instead of 0755. Commit 59462f2 "winbindd and nmbd don't
> > set their umask to zero on startup like smbd does." fixed this in case
> > the directory is created by winbindd or nmbd. Other binaries from
> > source3/utils will also call into cache_path() that will create the
> > directory through xx_path() in case it does not exist. Depending on the
> > umask of the caller, the permissions will be different than expected.
> >
> > What is the best way to fix this? Call umask(0) from every main function
> > to ensure that we use the intended permissions?
>
> As the utilities are designed to act on databases created by
> the running daemons, I don't think the utilities have any
> business creating those directories.
>
> Maybe add a function varient that is only used by the utility
> functions (e.g. xx_path_client()) which uses a flags to a xx_path_internal() function
> that will never create the directory. The long running daemons
> call xx_path(), which then calls xx_path_internal() setting
> the "create" flag.
Looking at the code, it will be difficult in some places to decide if
the call has been made froma daemon or from a utility, e.g.
db_open_ctdb -> g_lock_ctx_init -> lock_path
If we decide that only smbd, winbindd and nmbd should create those
directories in case they are missing: Wouldn't it be simpler to create
the directories directly during startup of those daemons, and remove the
if (!directory_exist(fname)) from xx_path?
Christof
More information about the samba-technical
mailing list