Wrong permissions for datadir and walletdir #15902

issue hebasto opened this issue on April 26, 2019
  1. hebasto commented at 4:44 PM on April 26, 2019: member

    On my Linux Mint 19.1:

    $ umask
0022

    After the first run of bitcoin-qt -sysperm=false the 0700 permissions are expected for both the datadir (~/.bitcoin) and the walletdir (~/.bitcoin/wallets).

    Actually, the directories are created with such access permissions:

    $ stat ~/.bitcoin | grep Uid
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)
$ stat ~/.bitcoin/wallets | grep Uid
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)

    Refs:

    NOTE: reading through the initial PR #4286 makes me think it was controversial. Is it a better and simpler way to just get rid of -sysperm option? I believe a user who needs this option can easily run chown command.

  2. hebasto cross-referenced this on Apr 27, 2019 from issue Utils and libraries: Fix #13371 - move umask operation earlier in AppInit() by n2yen
  3. laanwj added the label Utils/log/libs on May 2, 2019
  4. Kixunil commented at 12:26 PM on September 24, 2019: none

    I'd suggest these changes:

    • Wallets and block files are created with different permissions
    • Introduce -walletperms option to change the default (600) to whatever user wants.
    • Create block files with 644, the user can restrict it with umask

    It solves this problem: running electr (needs to access blocks to be efficient) Eclair (needs wallet) and bitcoind under a different user. Currently one needs to give up efficiency or security.

    I'm willing to do PR if you don't see any important problem with my suggestion.

  5. hebasto commented at 2:41 PM on October 13, 2019: member

    Also: comment by @laanwj.

  6. hebasto cross-referenced this on Oct 13, 2019 from issue util: Set safe permissions for data directory and `wallets/` subdir by hebasto
  7. fanquake closed this on Feb 7, 2023
  8. bitcoin locked this on Feb 7, 2024
Contributors
hebastoKixunil
Labels
Utils/log/libs
Linked (view graph)
#4286 Add option to disable 077 umask (create new files with system default umask)#13371 -sysperms=false (default) doesn't appear to do anything#13389 Utils and libraries: Fix #13371 - move umask operation earlier in AppInit()#17127 util: Set safe permissions for data directory and `wallets/` subdir
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 12:54 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me