[rrd-developers] Bug#606844: rrdcached: default UNIX socket permision should be changed.

Sebastian Harl tokkee at debian.org
Fri Apr 25 21:11:27 CEST 2014

forwarded 606844 rrd-developers at lists.oetiker.ch


On Sun, Dec 12, 2010 at 11:14:58AM +0100, Witold Baryluk wrote:
> Strange, but
> when I start rrdcached with default debian options, i have
> # ls -l /var/run/rrdcached.sock  -l
> srwxr-xr-x 1 root root 0 12-12 10:51 /var/run/rrdcached.sock
> #
> but when I add "-s adm" at th begining of options, i have
> # ls -l /var/run/rrdcached.sock  -l
> srwxrw---- 1 root adm 0 12-12 10:52 /var/run/rrdcached.sock
> #
> Shouldn't socket also in default mode also use 760 or 770 ?
> Isn't default  mode somehow unsecure *755" !?

Yeah, this should be more consistent. Anyway, a few things to note:

 - changing the behavior would be a backward incompatible change

 - some operating systems don't care about file permissions of a UNIX
   socket (however, Linux does take them into account)

 - I'm not sure what the best behavior would be; I don't consider 755
   insecure for most use-cases, so that could still be a good default

Anyway, once a solution has been agreed upon, a fix will be easy.
Currently, rrdcached calls chmod only if -s was specified on the command


That is, by default, you get permissions based on your umask and 770

Forwarding this upstream for further input.


Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : http://lists.oetiker.ch/pipermail/rrd-developers/attachments/20140425/4aa793df/attachment.pgp 

More information about the rrd-developers mailing list