-sysperms=false (default) doesn’t appear to do anything #13371

issue TheBlueMatt openend this issue on June 1, 2018
  1. TheBlueMatt commented at 7:00 pm on June 1, 2018: contributor
    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.
  2. maflcko added the label good first issue on Jun 1, 2018
  3. maflcko added the label Linux/Unix on Jun 1, 2018
  4. n2yen commented at 3:51 pm on June 3, 2018: none
    can work on this.
  5. n2yen referenced this in commit 691ded013a on Jun 4, 2018
  6. n2yen referenced this in commit 1b3b723372 on Jun 5, 2018
  7. n2yen referenced this in commit 3bf437bfbe on Jun 8, 2018
  8. n2yen referenced this in commit e125fd803a on Jun 8, 2018
  9. n2yen referenced this in commit af589c63db on Jun 8, 2018
  10. n2yen referenced this in commit e429ba8d55 on Jun 8, 2018
  11. n2yen referenced this in commit 3b8551d3a8 on Sep 11, 2018
  12. n2yen referenced this in commit 654e2b9397 on Sep 16, 2018
  13. n2yen referenced this in commit eb39a7f733 on Sep 16, 2018
  14. n2yen referenced this in commit ee709fd8e1 on Sep 17, 2018
  15. n2yen referenced this in commit 29ba4c3303 on Sep 17, 2018
  16. n2yen referenced this in commit 2e2ed57eb4 on Sep 17, 2018
  17. n2yen referenced this in commit 0c0e4332d3 on Sep 30, 2018
  18. n2yen referenced this in commit 4da0561974 on Sep 30, 2018
  19. n2yen referenced this in commit 9395a954cf on Sep 30, 2018
  20. n2yen referenced this in commit 11bca3d497 on Sep 30, 2018
  21. n2yen referenced this in commit 0394a871db on Sep 30, 2018
  22. hebasto commented at 4:59 pm on April 26, 2019: member

    @TheBlueMatt

    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.

    -sysperms=false makes Bitcoin Core create files with umask = 077 rather permissions 077. And this implies 0600 permissions for regular files and 0700 for directories. See: Debian Reference

    So, Bitcoin Core creates files as expected ;)

  23. n2yen referenced this in commit dd51b8fa35 on May 21, 2019
  24. n2yen referenced this in commit 09072f762a on Jul 27, 2019
  25. niVelion commented at 4:21 pm on January 12, 2022: none

    Despite -sysperms=false (default) docs saying files will be created with perms 077

    I assume you’re referring to these docs:

    0$ bitcoind --help | grep --after-context 3 sysperms
    1  -sysperms
    2       Create new files with system default permissions, instead of umask 077
    3       (only effective with disabled wallet functionality)
    

    I don’t know where to find bitcoind’s default values, but you mention this setting is by default false, which makes sense given what it does.

    Running umask on my Debian-based distro returns my system default umask 002, meaning the system (that is, not my user) will create new files with permissions u=rwx g=rwx o=rx.

    Perhaps the help text would be more readable if it said:

    Create new files with system default umask, instead of umask 077.

    In fact, this is what the commit message that introduced this change said!

    • bdd5b58 Add option -sysperms to disable 077 umask (create new files with system default umask)

    Link to help text: https://github.com/bitcoin/bitcoin/blob/master/src/init.cpp#L430

    Shall I make that change @TheBlueMatt ?

  26. susanka068 commented at 6:55 pm on March 20, 2022: none
    Hello, I’d like to tackle this issue. Is this issue still open ?
  27. maflcko removed the label good first issue on Mar 21, 2022
  28. willcl-ark referenced this in commit eb23b08165 on Nov 16, 2022
  29. willcl-ark referenced this in commit 7f51cfc70b on Nov 16, 2022
  30. willcl-ark referenced this in commit fb3c590230 on Nov 16, 2022
  31. willcl-ark commented at 2:06 pm on November 16, 2022: contributor

    @TheBlueMatt

    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I’m misreading the docs but it appears umask(077) isnt doing anything.

    -sysperms=false makes Bitcoin Core create files with umask = 077 rather permissions 077. And this implies 0600 permissions for regular files and 0700 for directories. See: Debian Reference

    So, Bitcoin Core creates files as expected ;)

    Just to check:

    System: Ubuntu 22.04 umask: 002 (OS default)

    I’ve tested creating a new datadir on master with default bitcoind settings (i.e. without setting -sysperms and with wallet enabled): bitcoind -signet. We expect bitcoin to use umask 077 by default.

    For directories expect: 777 - 077 = 700 = rwx------ For files expect:      666 - 077 = 600 = rw-------

    It created the following:

     0will@ubuntu in /tmp
     1❯ exa -alR .bitcoin
     2drwxrwxr-x - will 15 Nov 14:22 signet
     3drwxrwxr-x - will 15 Nov 14:22 wallets
     4
     5.bitcoin/signet:
     6.rw-------    0 will 15 Nov 14:22 .lock
     7.rw-------   37 will 15 Nov 14:22 anchors.dat
     8.rw-------   31 will 15 Nov 14:22 banlist.json
     9drwx------    - will 15 Nov 14:22 blocks
    10drwx------    - will 15 Nov 14:22 chainstate
    11.rw------- 7.0k will 15 Nov 14:22 debug.log
    12.rw------- 248k will 15 Nov 14:22 fee_estimates.dat
    13.rw-------   18 will 15 Nov 14:22 mempool.dat
    14.rw-------   99 will 15 Nov 14:22 onion_v3_private_key
    15.rw-------  11k will 15 Nov 14:22 peers.dat
    16.rw-rw-r--    4 will 15 Nov 14:22 settings.json
    17drwxrwxr-x    - will 15 Nov 14:22 wallets
    

    It seems to have used the system umask to create .bitcoin/, signet/, signet/wallets/ and top level wallets/ directories (777-002=775), but not blocks/ and chainstate/ directories. It has also used system umask to create the settings.json file.

    This happens because ReadConfigFiles() is called before AppInitBasicSetup() (which sets the umask) and ReadConfigFiles will internally call GetConfigFile() which in turn calls AbsPathForConfigVal(), where calling either of GetDataDirNet() or GetDataDirBase() will init the base file structure before the -sysperms flag has been parsed.


    Starting with bitcoind -signet -sysperms -disablewallet:

    For directories expect: 777 - 002 = 775 = rwxrwxr-x For files expect:      666 - 002 = 664 = rw-rw-r--

    Which creates the following:

     0will@ubuntu in /tmp
     1❯ exa -al -R .bitcoin_sysperms/
     2drwxrwxr-x - will 15 Nov 16:18 signet
     3drwxrwxr-x - will 15 Nov 16:17 wallets
     4
     5.bitcoin_sysperms/signet:
     6.rw-rw-r--    0 will 15 Nov 16:18 .lock
     7.rw-rw-r--   37 will 15 Nov 16:18 anchors.dat
     8.rw-rw-r--   31 will 15 Nov 16:18 banlist.json
     9drwxrwxr-x    - will 15 Nov 16:18 blocks
    10drwxrwxr-x    - will 15 Nov 16:18 chainstate
    11.rw-rw-r-- 6.5k will 15 Nov 16:18 debug.log
    12.rw-rw-r-- 248k will 15 Nov 16:18 fee_estimates.dat
    13.rw-rw-r--   18 will 15 Nov 16:18 mempool.dat
    14.rw-rw-r--   99 will 15 Nov 16:18 onion_v3_private_key
    15.rw-rw-r--  12k will 15 Nov 16:18 peers.dat
    16.rw-rw-r--    4 will 15 Nov 16:18 settings.json
    17drwxrwxr-x    - will 15 Nov 16:17 wallets
    

    I have a PR which results in the following (correct) filestructure when started without the -sysperms flag:

     0will@ubuntu in /tmp/13371
     1❯ exa -al -R
     2drwx------ - will 16 Nov 13:47 .bitcoin
     3
     4./.bitcoin:
     5drwx------ - will 16 Nov 13:47 signet
     6drwx------ - will 16 Nov 13:47 wallets
     7
     8./.bitcoin/signet:
     9.rw-------    0 will 16 Nov 13:47 .lock
    10.rw-------   37 will 16 Nov 13:47 anchors.dat
    11.rw-------   31 will 16 Nov 13:47 banlist.json
    12drwx------    - will 16 Nov 13:47 blocks
    13drwx------    - will 16 Nov 13:47 chainstate
    14.rw------- 7.1k will 16 Nov 13:47 debug.log
    15.rw------- 248k will 16 Nov 13:47 fee_estimates.dat
    16.rw-------   18 will 16 Nov 13:47 mempool.dat
    17.rw-------   99 will 16 Nov 13:47 onion_v3_private_key
    18.rw-------  16k will 16 Nov 13:47 peers.dat
    19.rw-------    4 will 16 Nov 13:47 settings.json
    20drwx------    - will 16 Nov 13:47 wallets
    

    And with -sysperms -disablewallet:

     0will@ubuntu in /tmp/13371
     1❯ exa -al -R
     2drwxrwxr-x - will 16 Nov 13:54 .bitcoin_sysperms
     3
     4./.bitcoin_sysperms:
     5drwxrwxr-x - will 16 Nov 13:55 signet
     6drwxrwxr-x - will 16 Nov 13:54 wallets
     7
     8./.bitcoin_sysperms/signet:
     9.rw-rw-r--    0 will 16 Nov 13:55 .lock
    10.rw-rw-r--   37 will 16 Nov 13:55 anchors.dat
    11.rw-rw-r--   31 will 16 Nov 13:55 banlist.json
    12drwxrwxr-x    - will 16 Nov 13:55 blocks
    13drwxrwxr-x    - will 16 Nov 13:55 chainstate
    14.rw-rw-r-- 7.0k will 16 Nov 13:55 debug.log
    15.rw-rw-r-- 248k will 16 Nov 13:55 fee_estimates.dat
    16.rw-rw-r--   18 will 16 Nov 13:55 mempool.dat
    17.rw-rw-r--   99 will 16 Nov 13:55 onion_v3_private_key
    18.rw-rw-r--  14k will 16 Nov 13:55 peers.dat
    19.rw-rw-r--    4 will 16 Nov 13:55 settings.json
    20drwxrwxr-x    - will 16 Nov 13:54 wallets
    

    I would be interested in more feedback on whether such a change is desirable because changing the default file permissions could possibly break things upstream for other projects?

  32. fanquake closed this on Feb 7, 2023

  33. bitcoin locked this on Feb 7, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me