hebasto
commented at 8:07 pm on October 13, 2019:
member
On master (1e7564eca8a688f39c75540877ec3bdfdde766b1) docs say:
0$ ./src/bitcoind -help | grep -A 3 sysperms
1 -sysperms
2 Create new files with system default permissions, instead of umask 077
3 (only effective with disabled wallet functionality)
Basing on that, one could expect that running bitcoind first time will create data directory and wallets/ subdirectory with safe 0700 permissions.
But that is not the case:
0$ stat .bitcoin | grep id
1Access: (0775/drwxrwxr-x) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto)
2$ stat .bitcoin/wallets | grep id
3Access: (0775/drwxrwxr-x) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto)
Both directories, in fact, are created with system default permissions.
With this PR:
0$ stat .bitcoin/wallets | grep id
1Access: (0700/drwx------) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto)
2$ stat .bitcoin/wallets | grep id
3Access: (0700/drwx------) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto)
This PR:
is alternative to bitcoin/bitcoin#13389
fixes bitcoin/bitcoin#15902
fixes bitcoin/bitcoin#22595
closes bitcoin/bitcoin#13371
reverts bitcoin/bitcoin#4286
Changes in behavior: removed -sysperms command-line argument / configure option. The related discussions are here:
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
Conflicts
Reviewers, this pull request conflicts with the following ones:
#26863 (test: merge banning test from p2p_disconnect_ban to rpc_setban by brunoerg)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
DrahtBot added the label
Needs rebase
on Apr 19, 2020
hebasto force-pushed
on Apr 20, 2020
hebasto
commented at 7:31 pm on April 20, 2020:
member
Rebased 7213e8cbe685556365021176d686f45bdd036dae -> 67b12091c78b0183aa9dc451d176b16f832d93f7 (pr17127.04 -> pr17127.05) due to the conflict with #15761.
DrahtBot removed the label
Needs rebase
on Apr 20, 2020
DrahtBot added the label
Needs rebase
on May 8, 2020
hebasto force-pushed
on May 9, 2020
hebasto
commented at 3:52 am on May 9, 2020:
member
Rebased 67b12091c78b0183aa9dc451d176b16f832d93f7 -> 297e61cdb8293c0bfd1d43f22eefbece3f541802 (pr17127.05 -> pr17127.06) due to the conflict with #16224.
DrahtBot removed the label
Needs rebase
on May 9, 2020
jonasschnelli
commented at 9:16 am on May 29, 2020:
contributor
utACK297e61cdb8293c0bfd1d43f22eefbece3f541802
DrahtBot added the label
Needs rebase
on Jul 23, 2020
hebasto force-pushed
on Jul 24, 2020
hebasto
commented at 7:25 am on July 24, 2020:
member
Rebased 297e61cdb8293c0bfd1d43f22eefbece3f541802 -> 337a7709502f562b764cce78f6de1d1a744cebd8 (pr17127.06 -> pr17127.07) due to the conflict with #15935.
DrahtBot removed the label
Needs rebase
on Jul 24, 2020
DrahtBot added the label
Needs rebase
on Jul 30, 2020
hebasto force-pushed
on Jul 31, 2020
hebasto
commented at 1:42 pm on July 31, 2020:
member
Rebased 337a7709502f562b764cce78f6de1d1a744cebd8 -> 788143749f7a71d0b3af12275e2fde7dc74ff03d (pr17127.07 -> pr17127.08) due to the conflict with #19561.
DrahtBot removed the label
Needs rebase
on Jul 31, 2020
DrahtBot added the label
Needs rebase
on Aug 26, 2020
hebasto force-pushed
on Aug 26, 2020
hebasto
commented at 9:33 am on August 26, 2020:
member
Rebased 788143749f7a71d0b3af12275e2fde7dc74ff03d -> 677617651e5b831da8d12f769a47d2957400d987 (pr17127.08 -> pr17127.09) due to the conflict with #19779.
DrahtBot removed the label
Needs rebase
on Aug 26, 2020
DrahtBot added the label
Needs rebase
on Sep 28, 2020
hebasto force-pushed
on Sep 29, 2020
hebasto
commented at 10:34 am on September 29, 2020:
member
Rebased 677617651e5b831da8d12f769a47d2957400d987 -> ef8ed07715f90bc156a4d4015ea1db9ee975963d (pr17127.09 -> pr17127.10) due to the conflict with #15367.
DrahtBot removed the label
Needs rebase
on Sep 29, 2020
practicalswift
commented at 7:48 pm on June 23, 2021:
contributor
Concept ACK
DrahtBot added the label
Needs rebase
on Feb 3, 2022
hebasto force-pushed
on Feb 5, 2022
hebasto
commented at 8:37 pm on February 5, 2022:
member
Rebased ef8ed07715f90bc156a4d4015ea1db9ee975963d -> 9b105d7289a793eaa30ae8fe7937b1356969758b (pr17127.10 -> pr17127.11) due to the conflict with #20744.
DrahtBot removed the label
Needs rebase
on Feb 5, 2022
hebasto renamed this:
util: Correct permissions for datadir and wallets subdir
util: Set safe permissions for data directory and `wallets/` subdir
on Feb 5, 2022
hebasto
commented at 9:20 pm on February 5, 2022:
member
PR description has been updated.
willcl-ark approved
willcl-ark
commented at 8:51 am on November 17, 2022:
contributor
ACK9b105d7289a793eaa30ae8fe7937b1356969758b
The test datadir will have the following files created in it after node shutdown:
Would it be worth adding a permissions test for e.g debug.log to check that the correct umask is also being applied to files?
Sorry, but I didn’t quite get your suggestion. Mind elaborating it?
willcl-ark
commented at 4:11 pm on November 30, 2022:
contributor
Sorry, but I didn’t quite get your suggestion. Mind elaborating it?
My fault for not being clearer!
You added a test for directory permissions, but not not one for files. As files and folders will be created with different permissions, it might make sense to add this at the same time?
For directories the test covers datadir and walletsdir. For files I was suggesting we could test debug.log.
willcl-ark
commented at 9:45 am on December 9, 2022:
contributor
fanquake requested review from willcl-ark
on Dec 20, 2022
willcl-ark approved
willcl-ark
commented at 11:09 am on January 6, 2023:
contributor
ACK07c496d01
Might want to add this to the release notes too?
Remove `-sysperms` option
This change effectively reverts commits from
https://github.com/bitcoin/bitcoin/pull/4286.
Users, who rely on non-default access permissions, should use `chmod`
command.
fanquake requested review from willcl-ark
on Feb 5, 2023
fanquake requested review from john-moffett
on Feb 5, 2023
in
src/i2p.cpp:339
in
15c7105a2doutdated
335@@ -336,7 +336,7 @@ void Session::GenerateAndSavePrivateKey(const Sock& sock)
336 {
337 DestGenerate(sock);
338339- // umask is set to 077 in init.cpp, which is ok (unless -sysperms is given)
340+ // umask is set to 077 in init.cpp, which is ok.
john-moffett
commented at 3:48 pm on February 5, 2023:
In system.cpp now, right?
hebasto
commented at 11:12 am on February 6, 2023:
85@@ -86,7 +86,7 @@ bool GenerateAuthCookie(std::string *cookie_out)
86 std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
8788 /** the umask determines what permissions are used to create this file -
89- * these are set to 077 in init.cpp unless overridden with -sysperms.
90+ * these are set to 077 in init.cpp.
john-moffett
commented at 3:55 pm on February 5, 2023:
system.cpp
hebasto
commented at 11:12 am on February 6, 2023:
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2024-12-18 06:12 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me