[pve-devel] [PVE-User] More restrictive disk image permissions

Dietmar Maurer dietmar at proxmox.com
Thu Jun 27 18:41:52 CEST 2013


> Proxmox stores KVM virtual disk images in /var/lib/vz/images/*/* with
> permissions 0644,root,root.  It seems to me a security risk for the images to be
> world readable.  In fact, the virtual machines can function just fine with
> permissions 0600.
> 
> Are the default permissions configurable?  Why is it not more secure by default?
> Is there anything wrong with 0600 that I haven't considered?

We need to test that. Please can you file a bug at bugzilla.proxmox.com?




More information about the pve-devel mailing list