Currently, mount_storages.py scripts executes chmod g+rwx for all nfs storage mounts. In certain cases such mechanism can be too unsecure e.g. ssh keys directory.
Approach
Introduce an optional way to override mount initial mask to be used in chmod call via storage metadata key chmod.
Background
Currently,
mount_storages.py
scripts executeschmod g+rwx
for all nfs storage mounts. In certain cases such mechanism can be too unsecure e.g. ssh keys directory.Approach
Introduce an optional way to override mount initial mask to be used in
chmod
call via storage metadata keychmod
.