You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Yoshikazu Nojima <ma...@ynojima.net> on 2014/05/31 09:06:09 UTC
Why does cloudstack-setup-management make /root writable?
Hi,
Does anyone know the reason why cloudstack-setup-management make /root
directory mode 777 in ubuntu?
https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
If no one have objection, I will remove this code.
Regards,
Noji
RE: Why does cloudstack-setup-management make /root writable?
Posted by Alex Huang <Al...@citrix.com>.
I don't think there's any real reason it was there. Probably it was easiest at that time to do. +1 and thanks on removing it.
--Alex
> -----Original Message-----
> From: ynojima@ynojima.net [mailto:ynojima@ynojima.net] On Behalf Of
> Yoshikazu Nojima
> Sent: Monday, June 2, 2014 10:14 AM
> To: dev@cloudstack.apache.org
> Cc: Sebastien Goasguen; Alex Huang; Frank Zhang
> Subject: Re: Why does cloudstack-setup-management make /root writable?
>
> Thanks Sebastien, and Chiradeep,
>
> I've already push a commit to remove the code.
> If someone explain the reason why we need it, I'll revert my code or make
> additional patch.
>
> 2014-06-02 11:02 GMT-06:00 Chiradeep Vittal <Ch...@citrix.com>:
> > No idea, but +1 on removing it.
> >
> > From: Sebastien Goasguen
> <ru...@gmail.com>>
> > Date: Monday, June 2, 2014 at 12:16 AM
> > To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>"
> > <de...@cloudstack.apache.org>>, Alex
> > Huang <Al...@citrix.com>>,
> Chiradeep
> > Vittal
> > <ch...@citrix.com>>
> > Subject: Re: Why does cloudstack-setup-management make /root writable?
> >
> >
> > On May 31, 2014, at 11:14 AM, Milamber
> <mi...@apache.org>> wrote:
> >
> > A related ticket has been open in Jira
> > https://issues.apache.org/jira/browse/CLOUDSTACK-6673
> >
> > Let me copy Alex and Chiradeep, they might have some background about
> this.
> >
> > Le 31/05/2014 08:27, ilya musayev a ecrit :
> > I really dont know why. I guess we can figure out who made the commit
> and ask for rationale on this, but i'm not aware of any reason why /root must
> be 777. Big security hole in my opinion.
> > I'd say to give it a try in your env first, if your tests pass, commit.
> > On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
> > Hi,
> > Does anyone know the reason why cloudstack-setup-management make
> /root
> > directory mode 777 in ubuntu?
> > https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils
> > /serviceConfig.py#L767 If no one have objection, I will remove this
> > code.
> > Regards,
> > Noji
> >
> >
Re: Why does cloudstack-setup-management make /root writable?
Posted by Yoshikazu Nojima <ma...@ynojima.net>.
Thanks Sebastien, and Chiradeep,
I've already push a commit to remove the code.
If someone explain the reason why we need it, I'll revert my code or
make additional patch.
2014-06-02 11:02 GMT-06:00 Chiradeep Vittal <Ch...@citrix.com>:
> No idea, but +1 on removing it.
>
> From: Sebastien Goasguen <ru...@gmail.com>>
> Date: Monday, June 2, 2014 at 12:16 AM
> To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>, Alex Huang <Al...@citrix.com>>, Chiradeep Vittal <ch...@citrix.com>>
> Subject: Re: Why does cloudstack-setup-management make /root writable?
>
>
> On May 31, 2014, at 11:14 AM, Milamber <mi...@apache.org>> wrote:
>
> A related ticket has been open in Jira
> https://issues.apache.org/jira/browse/CLOUDSTACK-6673
>
> Let me copy Alex and Chiradeep, they might have some background about this.
>
> Le 31/05/2014 08:27, ilya musayev a ecrit :
> I really dont know why. I guess we can figure out who made the commit and ask for rationale on this, but i'm not aware of any reason why /root must be 777. Big security hole in my opinion.
> I'd say to give it a try in your env first, if your tests pass, commit.
> On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
> Hi,
> Does anyone know the reason why cloudstack-setup-management make /root
> directory mode 777 in ubuntu?
> https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
> If no one have objection, I will remove this code.
> Regards,
> Noji
>
>
Re: Why does cloudstack-setup-management make /root writable?
Posted by Rohit Yadav <bh...@apache.org>.
+1 I just found it was removed yesterday from master:
https://github.com/apache/cloudstack/commit/ab89eb106f9836632668366d407a2d8c5892bec9
Regards.
On Mon, Jun 2, 2014 at 10:32 PM, Chiradeep Vittal <
Chiradeep.Vittal@citrix.com> wrote:
> No idea, but +1 on removing it.
>
> From: Sebastien Goasguen <ru...@gmail.com>>
> Date: Monday, June 2, 2014 at 12:16 AM
> To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <
> dev@cloudstack.apache.org<ma...@cloudstack.apache.org>>, Alex Huang <
> Alex.Huang@citrix.com<ma...@citrix.com>>, Chiradeep Vittal <
> chiradeep.vittal@citrix.com<ma...@citrix.com>>
> Subject: Re: Why does cloudstack-setup-management make /root writable?
>
>
> On May 31, 2014, at 11:14 AM, Milamber <milamber@apache.org<mailto:
> milamber@apache.org>> wrote:
>
> A related ticket has been open in Jira
> https://issues.apache.org/jira/browse/CLOUDSTACK-6673
>
> Let me copy Alex and Chiradeep, they might have some background about this.
>
> Le 31/05/2014 08:27, ilya musayev a ecrit :
> I really dont know why. I guess we can figure out who made the commit and
> ask for rationale on this, but i'm not aware of any reason why /root must
> be 777. Big security hole in my opinion.
> I'd say to give it a try in your env first, if your tests pass, commit.
> On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
> Hi,
> Does anyone know the reason why cloudstack-setup-management make /root
> directory mode 777 in ubuntu?
>
> https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
> If no one have objection, I will remove this code.
> Regards,
> Noji
>
>
>
Re: Why does cloudstack-setup-management make /root writable?
Posted by Chiradeep Vittal <Ch...@citrix.com>.
No idea, but +1 on removing it.
From: Sebastien Goasguen <ru...@gmail.com>>
Date: Monday, June 2, 2014 at 12:16 AM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>, Alex Huang <Al...@citrix.com>>, Chiradeep Vittal <ch...@citrix.com>>
Subject: Re: Why does cloudstack-setup-management make /root writable?
On May 31, 2014, at 11:14 AM, Milamber <mi...@apache.org>> wrote:
A related ticket has been open in Jira
https://issues.apache.org/jira/browse/CLOUDSTACK-6673
Let me copy Alex and Chiradeep, they might have some background about this.
Le 31/05/2014 08:27, ilya musayev a ecrit :
I really dont know why. I guess we can figure out who made the commit and ask for rationale on this, but i'm not aware of any reason why /root must be 777. Big security hole in my opinion.
I'd say to give it a try in your env first, if your tests pass, commit.
On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
Hi,
Does anyone know the reason why cloudstack-setup-management make /root
directory mode 777 in ubuntu?
https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
If no one have objection, I will remove this code.
Regards,
Noji
Re: Why does cloudstack-setup-management make /root writable?
Posted by Sebastien Goasguen <ru...@gmail.com>.
On May 31, 2014, at 11:14 AM, Milamber <mi...@apache.org> wrote:
>
> A related ticket has been open in Jira
> https://issues.apache.org/jira/browse/CLOUDSTACK-6673
>
Let me copy Alex and Chiradeep, they might have some background about this.
>
>
>
> Le 31/05/2014 08:27, ilya musayev a ecrit :
>> I really dont know why. I guess we can figure out who made the commit and ask for rationale on this, but i'm not aware of any reason why /root must be 777. Big security hole in my opinion.
>>
>> I'd say to give it a try in your env first, if your tests pass, commit.
>>
>> On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
>>> Hi,
>>>
>>> Does anyone know the reason why cloudstack-setup-management make /root
>>> directory mode 777 in ubuntu?
>>>
>>> https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
>>>
>>> If no one have objection, I will remove this code.
>>>
>>> Regards,
>>> Noji
>>
>>
>
Re: Why does cloudstack-setup-management make /root writable?
Posted by Milamber <mi...@apache.org>.
A related ticket has been open in Jira
https://issues.apache.org/jira/browse/CLOUDSTACK-6673
Le 31/05/2014 08:27, ilya musayev a ecrit :
> I really dont know why. I guess we can figure out who made the commit
> and ask for rationale on this, but i'm not aware of any reason why
> /root must be 777. Big security hole in my opinion.
>
> I'd say to give it a try in your env first, if your tests pass, commit.
>
> On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
>> Hi,
>>
>> Does anyone know the reason why cloudstack-setup-management make /root
>> directory mode 777 in ubuntu?
>>
>> https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
>>
>>
>> If no one have objection, I will remove this code.
>>
>> Regards,
>> Noji
>
>
Re: Why does cloudstack-setup-management make /root writable?
Posted by ilya musayev <il...@gmail.com>.
I really dont know why. I guess we can figure out who made the commit
and ask for rationale on this, but i'm not aware of any reason why /root
must be 777. Big security hole in my opinion.
I'd say to give it a try in your env first, if your tests pass, commit.
On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote:
> Hi,
>
> Does anyone know the reason why cloudstack-setup-management make /root
> directory mode 777 in ubuntu?
>
> https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767
>
> If no one have objection, I will remove this code.
>
> Regards,
> Noji