Xen devel - Apr 2007 - PATCH: Remove execute permission from xend-debug.log

The file /var/log/xen/xend-debug.log is currently being created with 
executable permission bits set. This is because the os.open() method
defaults to using a mode of 0777 if no third parameter is provided.
The attached patch changes the mode to 0600 to ensure that the file
permissions come out as -rw-------  instead of -rwxr-xr-x

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Daniel P. Berrange wrote:  [Tue Apr 24 2007, 03:22:11PM
EDT]
> The file /var/log/xen/xend-debug.log is currently being created with 
> executable permission bits set. This is because the os.open() method
> defaults to using a mode of 0777 if no third parameter is provided.
> The attached patch changes the mode to 0600 to ensure that the file
> permissions come out as -rw-------  instead of -rwxr-xr-x
Doesn''t os.open default to 0777 & ~umask?  Doesn''t seem
like xend
should be overriding root''s umask

Aron

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Aron Griffis wrote:  [Tue Apr 24 2007, 05:39:41PM EDT]
> Daniel P. Berrange wrote:  [Tue Apr 24 2007, 03:22:11PM EDT]
> > The file /var/log/xen/xend-debug.log is currently being created with 
> > executable permission bits set. This is because the os.open() method
> > defaults to using a mode of 0777 if no third parameter is provided.
> > The attached patch changes the mode to 0600 to ensure that the file
> > permissions come out as -rw-------  instead of -rwxr-xr-x
> 
> Doesn''t os.open default to 0777 & ~umask?  Doesn''t
seem like xend
> should be overriding root''s umask
Seems that the patch should be using 0666 instead of 0600 so that
umask can affect group/other perms.  At the very least it should use
0664.

Aron

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 24/4/07 22:45, "Aron Griffis" <aron@hp.com> wrote:
>>> The file /var/log/xen/xend-debug.log is currently being created
with
>>> executable permission bits set. This is because the os.open()
method
>>> defaults to using a mode of 0777 if no third parameter is provided.
>>> The attached patch changes the mode to 0600 to ensure that the file
>>> permissions come out as -rw-------  instead of -rwxr-xr-x
>> 
>> Doesn''t os.open default to 0777 & ~umask? 
Doesn''t seem like xend
>> should be overriding root''s umask
> 
> Seems that the patch should be using 0666 instead of 0600 so that
> umask can affect group/other perms.  At the very least it should use
> 0664.
Xen-debug.log is the only file in /var/log/xen getting created with +x
permissions, so something is obviously up. Arguably we can get rid of
xend-debug.log entirely -- I don''t believe anything ever gets logged
there
these days. I took the patch because 0600 seems saner than 0755.

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Keir Fraser wrote:  [Tue Apr 24 2007, 06:08:16PM EDT]
> On 24/4/07 22:45, "Aron Griffis" <aron@hp.com> wrote:
> 
> >>> The file /var/log/xen/xend-debug.log is currently being
created with
> >>> executable permission bits set. This is because the os.open()
method
> >>> defaults to using a mode of 0777 if no third parameter is
provided.
> >>> The attached patch changes the mode to 0600 to ensure that the
file
> >>> permissions come out as -rw-------  instead of -rwxr-xr-x
> >> 
> >> Doesn''t os.open default to 0777 & ~umask? 
Doesn''t seem like xend
> >> should be overriding root''s umask
> > 
> > Seems that the patch should be using 0666 instead of 0600 so that
> > umask can affect group/other perms.  At the very least it should use
> > 0664.
> 
> Xen-debug.log is the only file in /var/log/xen getting created with
> +x permissions, so something is obviously up. Arguably we can get
> rid of xend-debug.log entirely -- I don''t believe anything ever
gets
> logged there these days. I took the patch because 0600 seems saner
> than 0755.
It doesn''t make any real difference to me, just thought I''d
bring up
the umask question before the patch was committed... though at this
point it''s in staging, so I guess I was too late. ;-)

Aron

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 24/4/07 23:15, "Aron Griffis" <aron@hp.com> wrote:
>>> Seems that the patch should be using 0666 instead of 0600 so that
>>> umask can affect group/other perms.  At the very least it should
use
>>> 0664.
>> 
>> Xen-debug.log is the only file in /var/log/xen getting created with
>> +x permissions, so something is obviously up. Arguably we can get
>> rid of xend-debug.log entirely -- I don''t believe anything
ever gets
>> logged there these days. I took the patch because 0600 seems saner
>> than 0755.
> 
> It doesn''t make any real difference to me, just thought
I''d bring up
> the umask question before the patch was committed... though at this
> point it''s in staging, so I guess I was too late. ;-)
You''re probably right that one of 0644,0664,0666 is better.
They''re
certainly more in line with all other files under /var/log/xen.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Tue, Apr 24, 2007 at 11:30:30PM +0100, Keir Fraser
wrote:
> On 24/4/07 23:15, "Aron Griffis" <aron@hp.com> wrote:
> 
> >>> Seems that the patch should be using 0666 instead of 0600 so
that
> >>> umask can affect group/other perms.  At the very least it
should use
> >>> 0664.
> >> 
> >> Xen-debug.log is the only file in /var/log/xen getting created
with
> >> +x permissions, so something is obviously up. Arguably we can get
> >> rid of xend-debug.log entirely -- I don''t believe
anything ever gets
> >> logged there these days. I took the patch because 0600 seems saner
> >> than 0755.
> > 
> > It doesn''t make any real difference to me, just thought
I''d bring up
> > the umask question before the patch was committed... though at this
> > point it''s in staging, so I guess I was too late. ;-)
> 
> You''re probably right that one of 0644,0664,0666 is better.
They''re
> certainly more in line with all other files under /var/log/xen.
Yeah, actually I agree - I thought the other files were already 0600, but
in fact it is just the directory itself whose permissions are restricted.
I''d just go for 0666, so if an admin wants to make the log files
accessible
to non-root, they merely have to change the permissions on the dir itself
and the files will already be correctly setup. It was only removing the
executable bit that I really wanted to sort out.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel