bflad / chef-stash

Chef Cookbook for Atlassian Stash

umask warning when restarting (in vagrant ubuntu1404) #92

Closed patcon closed 9 years ago

patcon commented 9 years ago
```
Stash is being run with a umask that contains potentially unsafe settings.
The following issues were found with the mask "u=rwx,g=rwx,o=rx" (0002):
 - access is allowed to 'others'. It is recommended that 'others' be denied
   all access for security reasons.
 - write access is allowed to 'group'. It is recommend that 'group' be
   denied write access. Read access to a restricted group is recommended
   to allow access to the logs.

The recommended umask for Stash is "u=,g=w,o=rwx" (0027) and can be
configured in setenv.sh
```

Uncommenting the umask setting in setenv.sh as recommended seems to have suppressed the error, but perhaps we should do it at user level?

patcon commented 9 years ago

Yeah, seems the global value is set in login.defs, but that's rather presumptuous, so perhaps setenv.sh is the place. Thoughts?

linc01n commented 9 years ago

Confirmed. The new setenv.sh is checking umask value while the previous version is missing this check.

patcon commented 9 years ago

:+1: thanks!

linc01n commented 9 years ago

Thanks for reporting :exclamation:
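
The two conditions in the warning quoted in this thread can be tested directly on the octal mask. The sketch below is an added example, not part of the original thread and not Stash's own setenv.sh code; `check_umask`, `new_file_mode` and the finding labels are hypothetical names. It also shows that a umask set inside one process (as a line in setenv.sh would do) leaves the caller's umask alone.

```shell
#!/bin/sh
# Added example; function names and finding labels are hypothetical,
# not taken from Stash's setenv.sh.

# check_umask [OCTAL]: print one finding per line for the given umask
# (default: the current one). Returns 0 if clean, 1 if any finding,
# 2 if the argument is not a 1-4 digit octal number.
check_umask() {
    mask=${1:-$(umask)}
    case $mask in
        ''|*[!0-7]*|?????*) echo "invalid umask: $mask" >&2; return 2 ;;
    esac
    bits=$((0$mask))                 # leading 0 forces octal
    group=$(( (bits >> 3) & 7 ))     # a set bit means "deny"
    other=$(( bits & 7 ))
    rc=0
    # Warning 1: 'others' should be denied everything (all three bits set).
    if [ "$other" -ne 7 ]; then echo "others-access-allowed"; rc=1; fi
    # Warning 2: 'group' should be denied write (bit value 2 set).
    if [ $(( group & 2 )) -eq 0 ]; then echo "group-write-allowed"; rc=1; fi
    return $rc
}

# new_file_mode OCTAL: create a file under that umask inside a subshell
# and print its mode string. The subshell keeps the change local to one
# process, the way a umask line in setenv.sh only affects the service.
new_file_mode() {
    (
        umask "$1" || exit 2
        dir=$(mktemp -d) || exit 2
        : > "$dir/probe"
        ls -l "$dir/probe" | cut -c1-10
        rm -rf "$dir"
    )
}

# Demo on the two masks named in the warning text.
for m in 0002 0027; do
    findings=$(check_umask "$m" | tr '\n' ' ')
    echo "umask $m: findings=[${findings% }] new file mode=$(new_file_mode "$m")"
done
```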