-sysperms=false (default) doesn't appear to do anything #13371

issue TheBlueMatt opened this issue on June 1, 2018
  1. TheBlueMatt commented at 7:00 PM on June 1, 2018: contributor

    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I'm misreading the docs but it appears umask(077) isnt doing anything.

  2. maflcko added the label good first issue on Jun 1, 2018
  3. maflcko added the label Linux/Unix on Jun 1, 2018
  4. n2yen commented at 3:51 PM on June 3, 2018: none

    can work on this.

  5. n2yen referenced this in commit 691ded013a on Jun 4, 2018
  6. n2yen referenced this in commit 1b3b723372 on Jun 5, 2018
  7. n2yen referenced this in commit 3bf437bfbe on Jun 8, 2018
  8. n2yen referenced this in commit e125fd803a on Jun 8, 2018
  9. n2yen referenced this in commit af589c63db on Jun 8, 2018
  10. n2yen referenced this in commit e429ba8d55 on Jun 8, 2018
  11. n2yen referenced this in commit 3b8551d3a8 on Sep 11, 2018
  12. n2yen referenced this in commit 654e2b9397 on Sep 16, 2018
  13. n2yen referenced this in commit eb39a7f733 on Sep 16, 2018
  14. n2yen referenced this in commit ee709fd8e1 on Sep 17, 2018
  15. n2yen referenced this in commit 29ba4c3303 on Sep 17, 2018
  16. n2yen referenced this in commit 2e2ed57eb4 on Sep 17, 2018
  17. n2yen referenced this in commit 0c0e4332d3 on Sep 30, 2018
  18. n2yen referenced this in commit 4da0561974 on Sep 30, 2018
  19. n2yen referenced this in commit 9395a954cf on Sep 30, 2018
  20. n2yen referenced this in commit 11bca3d497 on Sep 30, 2018
  21. n2yen referenced this in commit 0394a871db on Sep 30, 2018
  22. hebasto commented at 4:59 PM on April 26, 2019: member

    @TheBlueMatt

    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I'm misreading the docs but it appears umask(077) isnt doing anything.

    -sysperms=false makes Bitcoin Core create files with umask = 077 rather permissions 077. And this implies 0600 permissions for regular files and 0700 for directories. See: Debian Reference

    So, Bitcoin Core creates files as expected ;)

  23. n2yen referenced this in commit dd51b8fa35 on May 21, 2019
  24. n2yen referenced this in commit 09072f762a on Jul 27, 2019
  25. niVelion commented at 4:21 PM on January 12, 2022: none

    Despite -sysperms=false (default) docs saying files will be created with perms 077

    I assume you're referring to these docs:

    $ bitcoind --help | grep --after-context 3 sysperms
  -sysperms
       Create new files with system default permissions, instead of umask 077
       (only effective with disabled wallet functionality)

    I don't know where to find bitcoind's default values, but you mention this setting is by default false, which makes sense given what it does.

    Running umask on my Debian-based distro returns my system default umask 002, meaning the system (that is, not my user) will create new files with permissions u=rwx g=rwx o=rx.

    Perhaps the help text would be more readable if it said:

    Create new files with system default umask, instead of umask 077.

    In fact, this is what the commit message that introduced this change said!

    • bdd5b58 Add option -sysperms to disable 077 umask (create new files with system default umask)

    Link to help text: https://github.com/bitcoin/bitcoin/blob/master/src/init.cpp#L430

    Shall I make that change @TheBlueMatt ?

  26. susanka068 commented at 6:55 PM on March 20, 2022: none

    Hello, I'd like to tackle this issue. Is this issue still open ?

  27. maflcko removed the label good first issue on Mar 21, 2022
  28. willcl-ark referenced this in commit eb23b08165 on Nov 16, 2022
  29. willcl-ark referenced this in commit 7f51cfc70b on Nov 16, 2022
  30. willcl-ark referenced this in commit fb3c590230 on Nov 16, 2022
  31. willcl-ark commented at 2:06 PM on November 16, 2022: contributor

    @TheBlueMatt

    Despite -sysperms=false (default) docs saying files will be created with perms 077, none of my default-created datadirs appear to have any permissions aside from 0600. Maybe I'm misreading the docs but it appears umask(077) isnt doing anything.

    -sysperms=false makes Bitcoin Core create files with umask = 077 rather permissions 077. And this implies 0600 permissions for regular files and 0700 for directories. See: Debian Reference

    So, Bitcoin Core creates files as expected ;)

    Just to check:

    System: Ubuntu 22.04 umask: 002 (OS default)

    I've tested creating a new datadir on master with default bitcoind settings (i.e. without setting -sysperms and with wallet enabled): bitcoind -signet. We expect bitcoin to use umask 077 by default.

    For directories expect: 777 - 077 = 700 = rwx------ For files expect:      666 - 077 = 600 = rw-------

    It created the following:

    will@ubuntu in /tmp
❯ exa -alR .bitcoin
drwxrwxr-x - will 15 Nov 14:22 signet
drwxrwxr-x - will 15 Nov 14:22 wallets

.bitcoin/signet:
.rw-------    0 will 15 Nov 14:22 .lock
.rw-------   37 will 15 Nov 14:22 anchors.dat
.rw-------   31 will 15 Nov 14:22 banlist.json
drwx------    - will 15 Nov 14:22 blocks
drwx------    - will 15 Nov 14:22 chainstate
.rw------- 7.0k will 15 Nov 14:22 debug.log
.rw------- 248k will 15 Nov 14:22 fee_estimates.dat
.rw-------   18 will 15 Nov 14:22 mempool.dat
.rw-------   99 will 15 Nov 14:22 onion_v3_private_key
.rw-------  11k will 15 Nov 14:22 peers.dat
.rw-rw-r--    4 will 15 Nov 14:22 settings.json
drwxrwxr-x    - will 15 Nov 14:22 wallets

    It seems to have used the system umask to create .bitcoin/, signet/, signet/wallets/ and top level wallets/ directories (777-002=775), but not blocks/ and chainstate/ directories. It has also used system umask to create the settings.json file.

    This happens because ReadConfigFiles() is called before AppInitBasicSetup() (which sets the umask) and ReadConfigFiles will internally call GetConfigFile() which in turn calls AbsPathForConfigVal(), where calling either of GetDataDirNet() or GetDataDirBase() will init the base file structure before the -sysperms flag has been parsed.

    Starting with bitcoind -signet -sysperms -disablewallet:

    For directories expect: 777 - 002 = 775 = rwxrwxr-x For files expect:      666 - 002 = 664 = rw-rw-r--

    Which creates the following:

    will@ubuntu in /tmp
❯ exa -al -R .bitcoin_sysperms/
drwxrwxr-x - will 15 Nov 16:18 signet
drwxrwxr-x - will 15 Nov 16:17 wallets

.bitcoin_sysperms/signet:
.rw-rw-r--    0 will 15 Nov 16:18 .lock
.rw-rw-r--   37 will 15 Nov 16:18 anchors.dat
.rw-rw-r--   31 will 15 Nov 16:18 banlist.json
drwxrwxr-x    - will 15 Nov 16:18 blocks
drwxrwxr-x    - will 15 Nov 16:18 chainstate
.rw-rw-r-- 6.5k will 15 Nov 16:18 debug.log
.rw-rw-r-- 248k will 15 Nov 16:18 fee_estimates.dat
.rw-rw-r--   18 will 15 Nov 16:18 mempool.dat
.rw-rw-r--   99 will 15 Nov 16:18 onion_v3_private_key
.rw-rw-r--  12k will 15 Nov 16:18 peers.dat
.rw-rw-r--    4 will 15 Nov 16:18 settings.json
drwxrwxr-x    - will 15 Nov 16:17 wallets

    I have a PR which results in the following (correct) filestructure when started without the -sysperms flag:

    will@ubuntu in /tmp/13371
❯ exa -al -R
drwx------ - will 16 Nov 13:47 .bitcoin

./.bitcoin:
drwx------ - will 16 Nov 13:47 signet
drwx------ - will 16 Nov 13:47 wallets

./.bitcoin/signet:
.rw-------    0 will 16 Nov 13:47 .lock
.rw-------   37 will 16 Nov 13:47 anchors.dat
.rw-------   31 will 16 Nov 13:47 banlist.json
drwx------    - will 16 Nov 13:47 blocks
drwx------    - will 16 Nov 13:47 chainstate
.rw------- 7.1k will 16 Nov 13:47 debug.log
.rw------- 248k will 16 Nov 13:47 fee_estimates.dat
.rw-------   18 will 16 Nov 13:47 mempool.dat
.rw-------   99 will 16 Nov 13:47 onion_v3_private_key
.rw-------  16k will 16 Nov 13:47 peers.dat
.rw-------    4 will 16 Nov 13:47 settings.json
drwx------    - will 16 Nov 13:47 wallets

    And with -sysperms -disablewallet:

    will@ubuntu in /tmp/13371
❯ exa -al -R
drwxrwxr-x - will 16 Nov 13:54 .bitcoin_sysperms

./.bitcoin_sysperms:
drwxrwxr-x - will 16 Nov 13:55 signet
drwxrwxr-x - will 16 Nov 13:54 wallets

./.bitcoin_sysperms/signet:
.rw-rw-r--    0 will 16 Nov 13:55 .lock
.rw-rw-r--   37 will 16 Nov 13:55 anchors.dat
.rw-rw-r--   31 will 16 Nov 13:55 banlist.json
drwxrwxr-x    - will 16 Nov 13:55 blocks
drwxrwxr-x    - will 16 Nov 13:55 chainstate
.rw-rw-r-- 7.0k will 16 Nov 13:55 debug.log
.rw-rw-r-- 248k will 16 Nov 13:55 fee_estimates.dat
.rw-rw-r--   18 will 16 Nov 13:55 mempool.dat
.rw-rw-r--   99 will 16 Nov 13:55 onion_v3_private_key
.rw-rw-r--  14k will 16 Nov 13:55 peers.dat
.rw-rw-r--    4 will 16 Nov 13:55 settings.json
drwxrwxr-x    - will 16 Nov 13:54 wallets

    I would be interested in more feedback on whether such a change is desirable because changing the default file permissions could possibly break things upstream for other projects?

  32. fanquake closed this on Feb 7, 2023
  33. bitcoin locked this on Feb 7, 2024
Contributors
TheBlueMattn2yenhebastoniVelionsusanka068willcl-ark
Labels
Linux/Unix
Linked (view graph)
#15902 Wrong permissions for datadir and walletdir#26512 init: Evaluate sysperms before config file
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-27 03:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me