Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent file permissions #5171

Closed
mark-rushakoff opened this issue Dec 19, 2015 · 6 comments
Closed

Inconsistent file permissions #5171

mark-rushakoff opened this issue Dec 19, 2015 · 6 comments
Labels
1.x area/storage wontfix

Comments

@mark-rushakoff
Copy link
Contributor

Sometimes we make directories 0700, sometimes 0777:

→ git grep -w ' 0[0-9][0-9][0-9]' | grep '.go:' | grep -v _test.go | grep dir
cmd/influxd/restore/restore.go: if err := os.MkdirAll(filepath.Dir(path), 0777); err != nil {
cmd/influxd/run/command.go: err := os.MkdirAll(filepath.Dir(path), 0777)
meta/store.go:  return os.MkdirAll(s.path, 0777)
services/hh/node_processor.go:  if err := os.MkdirAll(n.dir, 0700); err != nil {
services/hh/service.go: if err := os.MkdirAll(s.cfg.Dir, 0700); err != nil {
tsdb/engine/tsm1/engine.go: if err := os.MkdirAll(e.path, 0777); err != nil {
tsdb/engine/tsm1/wal.go:    if err := os.MkdirAll(l.path, 0777); err != nil {
tsdb/engine/wal/wal.go: if err := os.MkdirAll(l.path, 0777); err != nil {
tsdb/store.go:  if err := os.MkdirAll(filepath.Join(s.path, database, retentionPolicy), 0700); err != nil {
tsdb/store.go:  if err := os.MkdirAll(walPath, 0700); err != nil {
tsdb/store.go:  if err := os.MkdirAll(s.path, 0777); err != nil {

We usually use 0666 for files, with some exceptions from the CLI history, Raft's peers.json, and the hinted handoff queue.

→ git grep -w ' 0[0-9][0-9][0-9]' | grep '.go:' | grep -v _test.go | grep -i file | grep -vi mkdir
cmd/influx/cli/cli.go:      if c.historyFile, err = os.OpenFile(historyFilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0640); err == nil {
cmd/influx_inspect/tsm.go:  f, err := os.OpenFile(filepath.Join(path, FieldsFileExtension), os.O_RDONLY, 0666)
cmd/influx_inspect/tsm.go:  f, err := os.OpenFile(filepath.Join(path, SeriesFileExtension), os.O_RDONLY, 0666)
cmd/influx_inspect/tsm.go:  f, err := os.OpenFile(filepath.Join(path, IDsFileExtension), os.O_RDONLY, 0666)
cmd/influxd/run/command.go: if err := ioutil.WriteFile(path, []byte(pid), 0666); err != nil {
meta/state.go:  return ioutil.WriteFile(filepath.Join(r.store.path, "peers.json"), buf.Bytes(), 0755)
meta/store.go:  return ioutil.WriteFile(s.IDPath(), []byte(strconv.FormatUint(id, 10)), 0666)
services/hh/queue.go:   f, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0600)
tsdb/engine/tsm1/cache.go:          f, err := os.OpenFile(fn, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/tsm1/compact.go:    fd, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/tsm1/file_store.go:     file, err := os.OpenFile(fn, os.O_RDONLY, 0666)
tsdb/engine/tsm1/wal.go:    fd, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := os.OpenFile(fileName, os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: l.metaFile, err = os.OpenFile(nextFileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: ff, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := p.os.OpenCompactionFile(path, os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
@benbjohnson
Copy link
Contributor

We should always set 0666 for files and 0777 for directories and let users adjust permissions via umask.

@nicolas17
Copy link

I would like my directories to be group- or world-readable, so I greatly welcome making this controllable via umask.

@tw-bert
Copy link

tw-bert commented Jun 6, 2017
edited
Loading

Since we use a Telegraf plugin to monitor the dirsize of InfluxDB, we also need umask functionality (preferably in the influxdb conf file). We added user telegraf to user group influxdb, but new influxdb directories get 700 flags (InfluxDB version 1.2.2). As a workaround, we now have a cron job that does a chmod -R g+rX /var/lib/influxdb/data each 10 minutes. Ugly, but necessary atm.

See: https://stackoverflow.com/a/44386280/2759336

@dgnorton dgnorton added the 1.x label Jan 7, 2019
@pseudocoder
Copy link

This also affects the backup command, which probably has more impact than the internal storage. Version 1.8.

err = os.MkdirAll(cmd.path, 0700)
	out, err := os.OpenFile(filepath.Join(cmd.path, filename), os.O_CREATE|os.O_RDWR, 0600)

@stale
Copy link

stale bot commented Sep 3, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Sep 3, 2019
@stale
Copy link

stale bot commented Sep 10, 2019

This issue has been automatically closed because it has not had recent activity. Please reopen if this issue is still important to you. Thank you for your contributions.

@stale stale bot closed this as completed Sep 10, 2019
@jacobmarble jacobmarble mentioned this issue Jan 21, 2020
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.x area/storage wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@nicolas17 @benbjohnson @rbetts @dgnorton @mark-rushakoff @e-dard @pseudocoder @tw-bert