Wrong permissions for datadir and walletdir #15902

issue hebasto opened this issue on April 26, 2019

hebasto commented at 4:44 PM on April 26, 2019: member
On my Linux Mint 19.1:
```
$ umask
0022
```
After the first run of bitcoin-qt -sysperm=false the 0700 permissions are expected for both the datadir (~/.bitcoin) and the walletdir (~/.bitcoin/wallets).

Actually, the directories are created with such access permissions:
```
$ stat ~/.bitcoin | grep Uid
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)
$ stat ~/.bitcoin/wallets | grep Uid
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ hebasto)   Gid: ( 1000/ hebasto)
```
Refs:
- #4286
- #13371
- #13389
NOTE: reading through the initial PR #4286 makes me think it was controversial. Is it a better and simpler way to just get rid of -sysperm option? I believe a user who needs this option can easily run chown command.
laanwj added the label Utils/log/libs on May 2, 2019
Kixunil commented at 12:26 PM on September 24, 2019: none
I'd suggest these changes:
- Wallets and block files are created with different permissions
- Introduce -walletperms option to change the default (600) to whatever user wants.
- Create block files with 644, the user can restrict it with umask
It solves this problem: running electr (needs to access blocks to be efficient) Eclair (needs wallet) and bitcoind under a different user. Currently one needs to give up efficiency or security.

I'm willing to do PR if you don't see any important problem with my suggestion.
hebasto commented at 2:41 PM on October 13, 2019: member

Also: comment by @laanwj.
fanquake closed this on Feb 7, 2023
bitcoin locked this on Feb 7, 2024

Contributors

hebasto

Kixunil

Labels

Utils/log/libs

Linked (view graph)

#4286 Add option to disable 077 umask (create new files with system default umask)#13371 -sysperms=false (default) doesn't appear to do anything #13389 Utils and libraries: Fix #13371 - move umask operation earlier in AppInit()