You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "John Kinsella (JIRA)" <ji...@apache.org> on 2014/02/17 18:00:22 UTC

[jira] [Created] (CLOUDSTACK-6128) Clean up over-permissive filesystem grants in Cloudstack

John Kinsella created CLOUDSTACK-6128:
-----------------------------------------

             Summary: Clean up over-permissive filesystem grants in Cloudstack
                 Key: CLOUDSTACK-6128
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6128
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
            Reporter: John Kinsella
             Fix For: 4.4.0


It's not uncommon to find Java code and scripts in ACS that are over-permissive in their attempts to grant UNIX filesystem permissions. The following is an example from com.cloud.hypervisor.vmware.manager.VmwareManagerImpl.prepareSecondaryStorage:

        script.add("-R", "777", mountPoint);

We should understand and document the UNIX user, group, and filesystem ownership requirements. If we truely need wide-open filesystem permissions, that too should be documented.

Also, the code should not be blindly attempting to change filesystem permissions and ignoring the result of the attempts. Code should first check to see if a change is necessary, then make the necessary change, and then inspect the results, not display an error that may or may not impact proper execution of the system.

</soapbox> ;)




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)