You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "John Kinsella (JIRA)" <ji...@apache.org> on 2014/02/17 18:00:22 UTC
[jira] [Created] (CLOUDSTACK-6128) Clean up over-permissive
filesystem grants in Cloudstack
John Kinsella created CLOUDSTACK-6128:
-----------------------------------------
Summary: Clean up over-permissive filesystem grants in Cloudstack
Key: CLOUDSTACK-6128
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6128
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Reporter: John Kinsella
Fix For: 4.4.0
It's not uncommon to find Java code and scripts in ACS that are over-permissive in their attempts to grant UNIX filesystem permissions. The following is an example from com.cloud.hypervisor.vmware.manager.VmwareManagerImpl.prepareSecondaryStorage:
script.add("-R", "777", mountPoint);
We should understand and document the UNIX user, group, and filesystem ownership requirements. If we truely need wide-open filesystem permissions, that too should be documented.
Also, the code should not be blindly attempting to change filesystem permissions and ignoring the result of the attempts. Code should first check to see if a change is necessary, then make the necessary change, and then inspect the results, not display an error that may or may not impact proper execution of the system.
</soapbox> ;)
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)