[Bug 1945533] Re: permissions on /var/tmp/metrics_collector.sock

OpenStack Infra 1945533 at bugs.launchpad.net
Wed Oct 13 15:34:45 UTC 2021 

Reviewed:  https://review.opendev.org/c/openstack/oslo.metrics/+/813018
Committed: https://opendev.org/openstack/oslo.metrics/commit/b23fb97c97d02615c0eef428ebd223b6baced952
Submitter: "Zuul (22348)"
Branch:    master

commit b23fb97c97d02615c0eef428ebd223b6baced952
Author: Corey Bryant <corey.bryant at canonical.com>
Date:   Thu Oct 7 09:57:27 2021 -0400

    Limit metrics_socket_file permissions
    
    This limits the metrics_socket_file permissions to 0o660. Prior
    to this change, symbolic constants were used, resulting in
    0o707 permissions.
    
    Closes-Bug: #1945533
    Change-Id: I009ffbc10d3400881c6f8b2178494ba180d6549f


** Changed in: oslo.metrics
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-oslo.metrics in Ubuntu.
https://bugs.launchpad.net/bugs/1945533

Title:
  permissions on /var/tmp/metrics_collector.sock

Status in oslo.metrics:
  Fix Released
Status in python-oslo.metrics package in Ubuntu:
  Fix Released

Bug description:
  Hello, I believe the socket is being created with incorrect
  permissions:

  def main():
      cfg.CONF(sys.argv[1:])
      socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
      m = MetricsListener(socket_path)
      try:
          os.chmod(socket_path, stat.S_IRWXU | stat.S_IRWXO)

  
  My sys_stat.h(7) manpage has:

    │S_IRWXU │      0700     │ Read, write, execute/search by owner.        │
  ..
    │S_IRWXG │       070     │ Read, write, execute/search by group.        │
  ..
    │S_IRWXO │        07     │ Read, write, execute/search by others.       │

  
  Thus the resulting permissions are 0707. I don't recall seeing 0707 used intentionally before, it's only ever been a mistake by people using the symbolic forms rather than typing the desired octal directly.

  If mode 0707 is intentional, can I ask for a comment to be placed
  there to describe why these unusual permissions are expected?

  I propose replacing the modes with 0o666, 0o660, or 0o600, as
  appropriate. (The only mention of 'execute' in my unix(7) manpage is
  referring to the directory the socket is created in.)

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo.metrics/+bug/1945533/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list