[pbs-devel] [PATCH proxmox-backup] chunk_store: fix problem with permission checking
Gabriel Goller
g.goller at proxmox.com
Thu Nov 14 10:45:44 CET 2024
On 13.11.2024 15:42, Wolfgang Bumiller wrote:
>On Wed, Nov 13, 2024 at 03:20:54PM GMT, Gabriel Goller wrote:
>> On 13.11.2024 13:40, Hannes Laimer wrote:
>> > Permissions are stored in the lower 9 bits (rwxrwxrwx),
>> > so we have to mask `st_mode` with 0o777.
>> > The datastore root dir is created with 755, the `.chunks` dir and its
>> > contents with 750 and the `.lock` file with 644, this changes the
>> > expected permissions accordingly.
>>
>> Oops, this is my bad, I missed this.
>>
>> Matching the whole st_mode exactly would be nice, but not so practical
>> as we would need to be generic over file/dir and symbolic link.
>>
>> Also CC'ing @Wolfgang as he persuaded me to match exactly in the first
>> place :)
>
>Ah yes, would have had to include the mode bits...
>
>But it seems the actual permissions were wrong as well?
Yep :)
>(Not sure if I mentioned this, but I'm not convinced we should *fail* on
>unexpected permissions, I mean, we're already changing the values in the
>check now 🤷)
Hmm I think we should fail on permissions that are too low :)
But anyway, I think it's better to be strict here – we don't want a user
to import a datastore and then something failing. (and also the user can
always change the permissions.)
More information about the pbs-devel
mailing list