electricdusk/rushlink
3
3
Fork 3
Code Issues 21 Pull Requests 2 Releases Activity

database: set stricter file mode creation #58

New Issue
Closed
opened 2020-05-27 12:11:22 +02:00 by mrngm · 1 comment
mrngm commented 2020-05-27 12:11:22 +02:00
Collaborator
Copy Link

Currently, internal/db.OpenDB() executes:

db, err := bolt.Open(path, 0666, &bolt.Options{Timeout: 1 * time.Second})

where 0666 indicates an os.FileMode. This translates to the permissions rw-rw-rw-, used in Bolt for the creation file mode (see here). However, umask may influence this behaviour:

$ umask
0022
$ ls
files  main.go  rushlink
$ git log | head -n 1
commit 5a5a0dc5ece2ec6a0830fae23e9df84eca64dfe0
$ ./rushlink -file-store files/ -database flupsel.db
2020/05/27 12:09:13 migrating database to version 1
2020/05/27 12:09:13 migrating database to version 2
2020/05/27 12:09:13 migrating database to version 3
^C
$ ls -hl flupsel.db
-rw-r--r-- 1 mrngm mrngm 32K May 27 12:09 flupsel.db
$ rm flupsel.db
$ umask 0000
$ umask
0000
$ ls
files  main.go  rushlink
$ ./rushlink -file-store files/ -database flupsel.db
2020/05/27 12:10:40 migrating database to version 1
2020/05/27 12:10:40 migrating database to version 2
2020/05/27 12:10:40 migrating database to version 3
^C
$ ls -hl flupsel.db 
-rw-rw-rw- 1 mrngm mrngm 32K May 27 12:10 flupsel.db

It would be better to only grant rw permission for user/group, and none for other, by default.

Currently, `internal/db.OpenDB()` executes: ```go db, err := bolt.Open(path, 0666, &bolt.Options{Timeout: 1 * time.Second}) ``` where `0666` indicates an `os.FileMode`. This translates to the permissions `rw-rw-rw-`, used in Bolt for the creation file mode (see [here](https://github.com/etcd-io/bbolt/blob/v1.3.4/db.go#L210-L213)). However, `umask` may influence this behaviour: ```bash $ umask 0022 $ ls files main.go rushlink $ git log | head -n 1 commit 5a5a0dc5ece2ec6a0830fae23e9df84eca64dfe0 $ ./rushlink -file-store files/ -database flupsel.db 2020/05/27 12:09:13 migrating database to version 1 2020/05/27 12:09:13 migrating database to version 2 2020/05/27 12:09:13 migrating database to version 3 ^C $ ls -hl flupsel.db -rw-r--r-- 1 mrngm mrngm 32K May 27 12:09 flupsel.db $ rm flupsel.db $ umask 0000 $ umask 0000 $ ls files main.go rushlink $ ./rushlink -file-store files/ -database flupsel.db 2020/05/27 12:10:40 migrating database to version 1 2020/05/27 12:10:40 migrating database to version 2 2020/05/27 12:10:40 migrating database to version 3 ^C $ ls -hl flupsel.db -rw-rw-rw- 1 mrngm mrngm 32K May 27 12:10 flupsel.db ``` It would be better to only grant `rw` permission for user/group, and none for other, by default.
electricdusk commented 2020-05-27 22:31:05 +02:00
Owner
Copy Link

Agreed.

Agreed.
electricdusk added the
bug
 label 2020-05-27 22:31:14 +02:00
mrngm closed this issue 2020-06-28 12:16:01 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Uninteded behaviour
feature
Request for a feature to be implemented
good-beginner-bug
Bugs are probably easy to fix
needs-test
Needs a regression test
question
Question about the software
wontfix
Wont be resolved
No Label
bug
Milestone
No items
No Milestone
Assignees
Clear assignees
mara minnozz mrngm electricdusk
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: electricdusk/rushlink#58
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?