[RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

* [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750
@ 2026-03-18 16:51 Stoiko Ivanov
  2026-03-18 17:08 ` applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Stoiko Ivanov @ 2026-03-18 16:51 UTC (permalink / raw)
  To: pve-devel

In a recent discussion on pve-devel[0] the question of why
/run/pve-cluster has a mode of 0750 instead of 0755 provided for the
mkdir call that creates it came up.

Sending this patch as it took me a while to find the reason - 3 lines
above that mkdir call we set umask(027). (see mkdir(2) and umask(2)),
which is effective for the whole process.

The patch is effectively purely cosmetic (and basically a pmxcfs tree-wide
`s/0755/0750/g`) - the mode of the created directories was 0750 without it as
well.

>From a quick check on a VM setup on top of Debian Trixie the
permissions on the system were already 0750 - so this should only make
the actual mode explicitly visible, and should not cause unexpected
changes.

[0] https://lore.proxmox.com/pve-devel/s8o7brad0e6.fsf@toolbox/

Reported-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
Sending as RFC as I did not get around to test this enough (e.g.
installing on a fresh debian, before installing proxmox-ve)

 src/pmxcfs/pmxcfs.c |  6 +++---
 src/pmxcfs/status.c | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/pmxcfs/pmxcfs.c b/src/pmxcfs/pmxcfs.c
index d56f125..14f1168 100644
--- a/src/pmxcfs/pmxcfs.c
+++ b/src/pmxcfs/pmxcfs.c
@@ -848,8 +848,8 @@ int main(int argc, char *argv[]) {
 
     umask(027);
 
-    mkdir(VARLIBDIR, 0755);
-    mkdir(RUNDIR, 0755);
+    mkdir(VARLIBDIR, 0750);
+    mkdir(RUNDIR, 0750);
     chown(RUNDIR, 0, cfs.gid);
 
     if ((lockfd = open(LOCKFILE, O_RDWR | O_CREAT | O_APPEND, 0600)) == -1) {
@@ -927,7 +927,7 @@ int main(int argc, char *argv[]) {
 
     umount2(CFSDIR, MNT_FORCE);
 
-    mkdir(CFSDIR, 0755);
+    mkdir(CFSDIR, 0750);
 
     // TODO: remove big_writes with change to libfuse3
     char *fa[] = {"-f", "-odefault_permissions", "-oallow_other", "-obig_writes", NULL};
diff --git a/src/pmxcfs/status.c b/src/pmxcfs/status.c
index cb03e4e..bb68445 100644
--- a/src/pmxcfs/status.c
+++ b/src/pmxcfs/status.c
@@ -1287,10 +1287,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
         filename = g_strdup_printf(RRDDIR "/pve-node-9.0/%s", node);
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
-            checked_mkdir(RRDDIR "/pve-node-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-node-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_node_pve9_0) / sizeof(void *) - 1;
@@ -1322,10 +1322,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
             // no dir exists yet, use new pve-vm-9.0
-            checked_mkdir(RRDDIR "/pve-vm-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-vm-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_vm_pve9_0) / sizeof(void *) - 1;
@@ -1362,10 +1362,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
             // no dir exists yet, use new pve-storage-9.0
-            checked_mkdir(RRDDIR "/pve-storage-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-storage-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_storage_pve9_0) / sizeof(void *) - 1;
-- 
2.47.3





^ permalink raw reply	[flat|nested] 2+ messages in thread

* applied: [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750
  2026-03-18 16:51 [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750 Stoiko Ivanov
@ 2026-03-18 17:08 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-03-18 17:08 UTC (permalink / raw)
  To: pve-devel, Stoiko Ivanov

On Wed, 18 Mar 2026 17:51:46 +0100, Stoiko Ivanov wrote:
> In a recent discussion on pve-devel[0] the question of why
> /run/pve-cluster has a mode of 0750 instead of 0755 provided for the
> mkdir call that creates it came up.
> 
> Sending this patch as it took me a while to find the reason - 3 lines
> above that mkdir call we set umask(027). (see mkdir(2) and umask(2)),
> which is effective for the whole process.
> 
> [...]

Applied, thanks!

[1/1] pmxcfs: explicitly set implicit mkdir mode to 0750
      commit: d4c537641a6041725afa4400c0c84910e40f73a5




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-18 17:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-18 16:51 [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750 Stoiko Ivanov
2026-03-18 17:08 ` applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal