Closed iredmail closed 2 years ago
umask
:)
umask is for permission, Diskv already supports this. But we need to set owner / group when program is running as root. :(
I see, sorry I misunderstood the original post.
I don't think it should be part of diskv
to allow files to be created by configurable user accounts. It's surprising behavior and creates security concerns. In your situation you could setuid
the CLI binary to the nobody
user, so that when it's run it will always run as nobody
.
But to be honest the CLI should not run diskv
package functions directly, if there is also a daemon process running over the same directories. It should rather send commands to the daemon to make whatever changes it wants. This is actually pretty important, diskv
expects that its data dir(s) are owned by itself, and not manipulated by anything else. This assumption is baked into stuff like the memory cache.
Dear @peterbourgon,
I have a daemon service and a command-line tool (CLI), both uses diskv. Daemon service is running as a non-privileged user (like
nobody
user).The problem is, sysadmin may run the CLI tool as root user, in this case all files and directories created by the CLI are owned by the root user and group, the daemon service can not read the new files triggered by CLI.
It would be very useful if we can add new attribute in
diskv.Options
to set the owner and group for newly created file and directory.