peterbourgon
commented
2 years ago umask :)
Closed iredmail closed 2 years ago
peterbourgon
commented
2 years ago umask :)
iredmail
commented
2 years ago umask is for permission, Diskv already supports this. But we need to set owner / group when program is running as root. :(
peterbourgon
commented
2 years ago I see, sorry I misunderstood the original post.
I don't think it should be part of diskv to allow files to be created by configurable user accounts. It's surprising behavior and creates security concerns. In your situation you could setuid the CLI binary to the nobody user, so that when it's run it will always run as nobody.
But to be honest the CLI should not run diskv package functions directly, if there is also a daemon process running over the same directories. It should rather send commands to the daemon to make whatever changes it wants. This is actually pretty important, diskv expects that its data dir(s) are owned by itself, and not manipulated by anything else. This assumption is baked into stuff like the memory cache.
Dear @peterbourgon,
I have a daemon service and a command-line tool (CLI), both uses diskv. Daemon service is running as a non-privileged user (like
nobodyuser).The problem is, sysadmin may run the CLI tool as root user, in this case all files and directories created by the CLI are owned by the root user and group, the daemon service can not read the new files triggered by CLI.
It would be very useful if we can add new attribute in
diskv.Optionsto set the owner and group for newly created file and directory.