Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(t) Suboptimal permissions on crontabs created by Rockstor #2556

Closed
FroggyFlox opened this issue May 23, 2023 · 1 comment · Fixed by #2559
Closed

(t) Suboptimal permissions on crontabs created by Rockstor #2556

FroggyFlox opened this issue May 23, 2023 · 1 comment · Fixed by #2559
Assignees
@FroggyFlox
Milestone
First Stable Poet...

Comments

@FroggyFlox
Copy link
Member

This issue results from a discussion with @phillxnet related to #2540: FroggyFlox@5fb66a6#r114644668

As detailed and demonstrated by @phillxnet in that conversation thread, our current creation of crontabs keeps the default mode of 644 whereas security hardening would recommend keeping these files accessible by root only.

It is thus proposed that we ensure a mode of 600 for the creation of our crontabs:
@FroggyFlox FroggyFlox changed the title (t) Harden permissions on crontabs created by Rockstor (t) Suboptimal permissions on crontabs created by Rockstor May 23, 2023
@FroggyFlox FroggyFlox added this to the First Stable Poetry build milestone May 23, 2023
FroggyFlox referenced this issue in FroggyFlox/rockstor-core May 23, 2023
@FroggyFlox
Ensure poetry path to binaries in local files rockstor#2540
5fb66a6 
Following our transition to Poetry, some local files generated
by Rockstor can still include now-legacy path to Rockstor binaries.
This commit ensures these local files include the new paths to the
binaries in the Poetry venv or correct when necessary at Rockstor's
start time.
@FroggyFlox FroggyFlox self-assigned this May 25, 2023
FroggyFlox added a commit to FroggyFlox/rockstor-core that referenced this issue May 25, 2023
@FroggyFlox
Set mask of Rockstor-created crontabs to 600 rockstor#2556
e0a0027 
Our crontabs are currently created in-place with a 644 mask.
This commit instead writes the crontabs to a tempfile that is then
set with a 600 mask before being moved to its final destination.
FroggyFlox added a commit to FroggyFlox/rockstor-core that referenced this issue May 25, 2023
@FroggyFlox
Update Copyright, move to string.format(), and Black formatting rocks…
b32b943 
…tor#2556
@FroggyFlox FroggyFlox mentioned this issue May 25, 2023
Merged
@FroggyFlox FroggyFlox linked a pull request May 25, 2023 that will close this issue
Improve permissions on crontabs created by rockstor #2559
Merged
phillxnet added a commit that referenced this issue May 27, 2023
@phillxnet
Merge pull request #2559 from FroggyFlox/2556_suboptimal_permission_o…
79ed934 
…n_crontabs_created_by_Rockstor

Improve permissions on crontabs created by rockstor #2556
@phillxnet
Copy link
Member

Closing as:
Fixed by #2559

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FroggyFlox FroggyFlox

Labels
None yet
Projects
None yet
Milestone
First Stable Poetry build
Development

Successfully merging a pull request may close this issue.

Improve permissions on crontabs created by rockstor FroggyFlox/rockstor-core
2 participants
@phillxnet @FroggyFlox