-sysperms=false (default) doesn’t appear to do anything #13371
issue TheBlueMatt openend this issue on June 1, 2018-
TheBlueMatt commented at 7:00 pm on June 1, 2018: contributorDespite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.
-
maflcko added the label good first issue on Jun 1, 2018
-
maflcko added the label Linux/Unix on Jun 1, 2018
-
n2yen commented at 3:51 pm on June 3, 2018: nonecan work on this.
-
n2yen referenced this in commit 691ded013a on Jun 4, 2018
-
n2yen referenced this in commit 1b3b723372 on Jun 5, 2018
-
n2yen referenced this in commit 3bf437bfbe on Jun 8, 2018
-
n2yen referenced this in commit e125fd803a on Jun 8, 2018
-
n2yen referenced this in commit af589c63db on Jun 8, 2018
-
n2yen referenced this in commit e429ba8d55 on Jun 8, 2018
-
n2yen referenced this in commit 3b8551d3a8 on Sep 11, 2018
-
n2yen referenced this in commit 654e2b9397 on Sep 16, 2018
-
n2yen referenced this in commit eb39a7f733 on Sep 16, 2018
-
n2yen referenced this in commit ee709fd8e1 on Sep 17, 2018
-
n2yen referenced this in commit 29ba4c3303 on Sep 17, 2018
-
n2yen referenced this in commit 2e2ed57eb4 on Sep 17, 2018
-
n2yen referenced this in commit 0c0e4332d3 on Sep 30, 2018
-
n2yen referenced this in commit 4da0561974 on Sep 30, 2018
-
n2yen referenced this in commit 9395a954cf on Sep 30, 2018
-
n2yen referenced this in commit 11bca3d497 on Sep 30, 2018
-
n2yen referenced this in commit 0394a871db on Sep 30, 2018
-
hebasto commented at 4:59 pm on April 26, 2019: member
Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.
-sysperms=false
makes Bitcoin Core create files withumask = 077
rather permissions077
. And this implies0600
permissions for regular files and0700
for directories. See: Debian ReferenceSo, Bitcoin Core creates files as expected ;)
-
n2yen referenced this in commit dd51b8fa35 on May 21, 2019
-
n2yen referenced this in commit 09072f762a on Jul 27, 2019
-
niVelion commented at 4:21 pm on January 12, 2022: none
Despite -sysperms=false (default) docs saying files will be created with perms 077
I assume you’re referring to these docs:
0$ bitcoind --help | grep --after-context 3 sysperms 1 -sysperms 2 Create new files with system default permissions, instead of umask 077 3 (only effective with disabled wallet functionality)
I don’t know where to find bitcoind’s default values, but you mention this setting is by default
false
, which makes sense given what it does.Running
umask
on my Debian-based distro returns my system default umask002
, meaning the system (that is, not my user) will create new files with permissions u=rwx g=rwx o=rx.Perhaps the help text would be more readable if it said:
Create new files with system default umask, instead of umask 077.
In fact, this is what the commit message that introduced this change said!
bdd5b58
Add option-sysperms
to disable 077 umask (create new files with system default umask)
Link to help text: https://github.com/bitcoin/bitcoin/blob/master/src/init.cpp#L430
Shall I make that change @TheBlueMatt ?
-
susanka068 commented at 6:55 pm on March 20, 2022: noneHello, I’d like to tackle this issue. Is this issue still open ?
-
maflcko removed the label good first issue on Mar 21, 2022
-
willcl-ark referenced this in commit eb23b08165 on Nov 16, 2022
-
willcl-ark referenced this in commit 7f51cfc70b on Nov 16, 2022
-
willcl-ark referenced this in commit fb3c590230 on Nov 16, 2022
-
willcl-ark commented at 2:06 pm on November 16, 2022: contributor
Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.
-sysperms=false
makes Bitcoin Core create files withumask = 077
rather permissions077
. And this implies0600
permissions for regular files and0700
for directories. See: Debian ReferenceSo, Bitcoin Core creates files as expected ;)
Just to check:
System: Ubuntu 22.04 umask: 002 (OS default)
I’ve tested creating a new datadir on master with default bitcoind settings (i.e. without setting
-sysperms
and with wallet enabled):bitcoind -signet
. We expect bitcoin to use umask 077 by default.For directories expect: 777 - 077 = 700 =
rwx------
For files expect: 666 - 077 = 600 =rw-------
It created the following:
0will@ubuntu in /tmp 1❯ exa -alR .bitcoin 2drwxrwxr-x - will 15 Nov 14:22 signet 3drwxrwxr-x - will 15 Nov 14:22 wallets 4 5.bitcoin/signet: 6.rw------- 0 will 15 Nov 14:22 .lock 7.rw------- 37 will 15 Nov 14:22 anchors.dat 8.rw------- 31 will 15 Nov 14:22 banlist.json 9drwx------ - will 15 Nov 14:22 blocks 10drwx------ - will 15 Nov 14:22 chainstate 11.rw------- 7.0k will 15 Nov 14:22 debug.log 12.rw------- 248k will 15 Nov 14:22 fee_estimates.dat 13.rw------- 18 will 15 Nov 14:22 mempool.dat 14.rw------- 99 will 15 Nov 14:22 onion_v3_private_key 15.rw------- 11k will 15 Nov 14:22 peers.dat 16.rw-rw-r-- 4 will 15 Nov 14:22 settings.json 17drwxrwxr-x - will 15 Nov 14:22 wallets
It seems to have used the system umask to create
.bitcoin/
,signet/
,signet/wallets/
and top levelwallets/
directories (777-002=775), but notblocks/
andchainstate/
directories. It has also used system umask to create thesettings.json
file.This happens because
ReadConfigFiles()
is called beforeAppInitBasicSetup()
(which sets the umask) andReadConfigFiles
will internally callGetConfigFile()
which in turn callsAbsPathForConfigVal()
, where calling either ofGetDataDirNet()
orGetDataDirBase()
will init the base file structure before the-sysperms
flag has been parsed.
Starting with
bitcoind -signet -sysperms -disablewallet
:For directories expect: 777 - 002 = 775 =
rwxrwxr-x
For files expect: 666 - 002 = 664 =rw-rw-r--
Which creates the following:
0will@ubuntu in /tmp 1❯ exa -al -R .bitcoin_sysperms/ 2drwxrwxr-x - will 15 Nov 16:18 signet 3drwxrwxr-x - will 15 Nov 16:17 wallets 4 5.bitcoin_sysperms/signet: 6.rw-rw-r-- 0 will 15 Nov 16:18 .lock 7.rw-rw-r-- 37 will 15 Nov 16:18 anchors.dat 8.rw-rw-r-- 31 will 15 Nov 16:18 banlist.json 9drwxrwxr-x - will 15 Nov 16:18 blocks 10drwxrwxr-x - will 15 Nov 16:18 chainstate 11.rw-rw-r-- 6.5k will 15 Nov 16:18 debug.log 12.rw-rw-r-- 248k will 15 Nov 16:18 fee_estimates.dat 13.rw-rw-r-- 18 will 15 Nov 16:18 mempool.dat 14.rw-rw-r-- 99 will 15 Nov 16:18 onion_v3_private_key 15.rw-rw-r-- 12k will 15 Nov 16:18 peers.dat 16.rw-rw-r-- 4 will 15 Nov 16:18 settings.json 17drwxrwxr-x - will 15 Nov 16:17 wallets
I have a PR which results in the following (correct) filestructure when started without the
-sysperms
flag:0will@ubuntu in /tmp/13371 1❯ exa -al -R 2drwx------ - will 16 Nov 13:47 .bitcoin 3 4./.bitcoin: 5drwx------ - will 16 Nov 13:47 signet 6drwx------ - will 16 Nov 13:47 wallets 7 8./.bitcoin/signet: 9.rw------- 0 will 16 Nov 13:47 .lock 10.rw------- 37 will 16 Nov 13:47 anchors.dat 11.rw------- 31 will 16 Nov 13:47 banlist.json 12drwx------ - will 16 Nov 13:47 blocks 13drwx------ - will 16 Nov 13:47 chainstate 14.rw------- 7.1k will 16 Nov 13:47 debug.log 15.rw------- 248k will 16 Nov 13:47 fee_estimates.dat 16.rw------- 18 will 16 Nov 13:47 mempool.dat 17.rw------- 99 will 16 Nov 13:47 onion_v3_private_key 18.rw------- 16k will 16 Nov 13:47 peers.dat 19.rw------- 4 will 16 Nov 13:47 settings.json 20drwx------ - will 16 Nov 13:47 wallets
And with
-sysperms -disablewallet
:0will@ubuntu in /tmp/13371 1❯ exa -al -R 2drwxrwxr-x - will 16 Nov 13:54 .bitcoin_sysperms 3 4./.bitcoin_sysperms: 5drwxrwxr-x - will 16 Nov 13:55 signet 6drwxrwxr-x - will 16 Nov 13:54 wallets 7 8./.bitcoin_sysperms/signet: 9.rw-rw-r-- 0 will 16 Nov 13:55 .lock 10.rw-rw-r-- 37 will 16 Nov 13:55 anchors.dat 11.rw-rw-r-- 31 will 16 Nov 13:55 banlist.json 12drwxrwxr-x - will 16 Nov 13:55 blocks 13drwxrwxr-x - will 16 Nov 13:55 chainstate 14.rw-rw-r-- 7.0k will 16 Nov 13:55 debug.log 15.rw-rw-r-- 248k will 16 Nov 13:55 fee_estimates.dat 16.rw-rw-r-- 18 will 16 Nov 13:55 mempool.dat 17.rw-rw-r-- 99 will 16 Nov 13:55 onion_v3_private_key 18.rw-rw-r-- 14k will 16 Nov 13:55 peers.dat 19.rw-rw-r-- 4 will 16 Nov 13:55 settings.json 20drwxrwxr-x - will 16 Nov 13:54 wallets
I would be interested in more feedback on whether such a change is desirable because changing the default file permissions could possibly break things upstream for other projects?
-
fanquake closed this on Feb 7, 2023
-
bitcoin locked this on Feb 7, 2024
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 12:12 UTC
More mirrored repositories can be found on mirror.b10c.me