Wrong permissions for datadir and walletdir #15902

issue hebasto openend this issue on April 26, 2019
  1. hebasto commented at 4:44 pm on April 26, 2019: member

    On my Linux Mint 19.1:

    0$ umask
    10022
    

    After the first run of bitcoin-qt -sysperm=false the 0700 permissions are expected for both the datadir (~/.bitcoin) and the walletdir (~/.bitcoin/wallets).

    Actually, the directories are created with such access permissions:

    0$ stat ~/.bitcoin | grep Uid
    1Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)
    2$ stat ~/.bitcoin/wallets | grep Uid
    3Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)
    

    Refs:

    NOTE: reading through the initial PR #4286 makes me think it was controversial. Is it a better and simpler way to just get rid of -sysperm option? I believe a user who needs this option can easily run chown command.

  2. laanwj added the label Utils/log/libs on May 2, 2019
  3. Kixunil commented at 12:26 pm on September 24, 2019: none

    I’d suggest these changes:

    • Wallets and block files are created with different permissions
    • Introduce -walletperms option to change the default (600) to whatever user wants.
    • Create block files with 644, the user can restrict it with umask

    It solves this problem: running electr (needs to access blocks to be efficient) Eclair (needs wallet) and bitcoind under a different user. Currently one needs to give up efficiency or security.

    I’m willing to do PR if you don’t see any important problem with my suggestion.

  4. hebasto commented at 2:41 pm on October 13, 2019: member
    Also: comment by @laanwj.
  5. fanquake closed this on Feb 7, 2023

  6. bitcoin locked this on Feb 7, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 00:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me