[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] PATCH: Remove execute permission from xend-debug.log
On Tue, Apr 24, 2007 at 11:30:30PM +0100, Keir Fraser wrote:
> On 24/4/07 23:15, "Aron Griffis" <aron@xxxxxx> wrote:
> >>> Seems that the patch should be using 0666 instead of 0600 so that
> >>> umask can affect group/other perms. At the very least it should use
> >>> 0664.
> >> Xen-debug.log is the only file in /var/log/xen getting created with
> >> +x permissions, so something is obviously up. Arguably we can get
> >> rid of xend-debug.log entirely -- I don't believe anything ever gets
> >> logged there these days. I took the patch because 0600 seems saner
> >> than 0755.
> > It doesn't make any real difference to me, just thought I'd bring up
> > the umask question before the patch was committed... though at this
> > point it's in staging, so I guess I was too late. ;-)
> You're probably right that one of 0644,0664,0666 is better. They're
> certainly more in line with all other files under /var/log/xen.
Yeah, actually I agree - I thought the other files were already 0600, but
in fact it is just the directory itself whose permissions are restricted.
I'd just go for 0666, so if an admin wants to make the log files accessible
to non-root, they merely have to change the permissions on the dir itself
and the files will already be correctly setup. It was only removing the
executable bit that I really wanted to sort out.
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Xen-devel mailing list