[RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750
@ 2026-03-18 16:51 Stoiko Ivanov
  2026-03-18 17:08 ` applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Stoiko Ivanov @ 2026-03-18 16:51 UTC (permalink / raw)
  To: pve-devel

In a recent discussion on pve-devel[0] the question of why
/run/pve-cluster has a mode of 0750 instead of 0755 provided for the
mkdir call that creates it came up.

Sending this patch as it took me a while to find the reason - 3 lines
above that mkdir call we set umask(027). (see mkdir(2) and umask(2)),
which is effective for the whole process.

The patch is effectively purely cosmetic (and basically a pmxcfs tree-wide
`s/0755/0750/g`) - the mode of the created directories was 0750 without it as
well.

>From a quick check on a VM setup on top of Debian Trixie the
permissions on the system were already 0750 - so this should only make
the actual mode explicitly visible, and should not cause unexpected
changes.

[0] https://lore.proxmox.com/pve-devel/s8o7brad0e6.fsf@toolbox/

Reported-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
Sending as RFC as I did not get around to test this enough (e.g.
installing on a fresh debian, before installing proxmox-ve)

 src/pmxcfs/pmxcfs.c |  6 +++---
 src/pmxcfs/status.c | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/pmxcfs/pmxcfs.c b/src/pmxcfs/pmxcfs.c
index d56f125..14f1168 100644
--- a/src/pmxcfs/pmxcfs.c
+++ b/src/pmxcfs/pmxcfs.c
@@ -848,8 +848,8 @@ int main(int argc, char *argv[]) {
 
     umask(027);
 
-    mkdir(VARLIBDIR, 0755);
-    mkdir(RUNDIR, 0755);
+    mkdir(VARLIBDIR, 0750);
+    mkdir(RUNDIR, 0750);
     chown(RUNDIR, 0, cfs.gid);
 
     if ((lockfd = open(LOCKFILE, O_RDWR | O_CREAT | O_APPEND, 0600)) == -1) {
@@ -927,7 +927,7 @@ int main(int argc, char *argv[]) {
 
     umount2(CFSDIR, MNT_FORCE);
 
-    mkdir(CFSDIR, 0755);
+    mkdir(CFSDIR, 0750);
 
     // TODO: remove big_writes with change to libfuse3
     char *fa[] = {"-f", "-odefault_permissions", "-oallow_other", "-obig_writes", NULL};
diff --git a/src/pmxcfs/status.c b/src/pmxcfs/status.c
index cb03e4e..bb68445 100644
--- a/src/pmxcfs/status.c
+++ b/src/pmxcfs/status.c
@@ -1287,10 +1287,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
         filename = g_strdup_printf(RRDDIR "/pve-node-9.0/%s", node);
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
-            checked_mkdir(RRDDIR "/pve-node-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-node-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_node_pve9_0) / sizeof(void *) - 1;
@@ -1322,10 +1322,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
             // no dir exists yet, use new pve-vm-9.0
-            checked_mkdir(RRDDIR "/pve-vm-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-vm-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_vm_pve9_0) / sizeof(void *) - 1;
@@ -1362,10 +1362,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) {
 
         if (!g_file_test(filename, G_FILE_TEST_EXISTS)) {
             // no dir exists yet, use new pve-storage-9.0
-            checked_mkdir(RRDDIR "/pve-storage-9.0", 0755);
+            checked_mkdir(RRDDIR "/pve-storage-9.0", 0750);
 
             char *dir = g_path_get_dirname(filename);
-            checked_mkdir(dir, 0755);
+            checked_mkdir(dir, 0750);
             g_free(dir);
 
             int argcount = sizeof(rrd_def_storage_pve9_0) / sizeof(void *) - 1;
-- 
2.47.3





^ permalink raw reply	[flat|nested] 2+ messages in thread

* applied: [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750
  2026-03-18 16:51 [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750 Stoiko Ivanov
@ 2026-03-18 17:08 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-03-18 17:08 UTC (permalink / raw)
  To: pve-devel, Stoiko Ivanov

On Wed, 18 Mar 2026 17:51:46 +0100, Stoiko Ivanov wrote:
> In a recent discussion on pve-devel[0] the question of why
> /run/pve-cluster has a mode of 0750 instead of 0755 provided for the
> mkdir call that creates it came up.
> 
> Sending this patch as it took me a while to find the reason - 3 lines
> above that mkdir call we set umask(027). (see mkdir(2) and umask(2)),
> which is effective for the whole process.
> 
> [...]

Applied, thanks!

[1/1] pmxcfs: explicitly set implicit mkdir mode to 0750
      commit: d4c537641a6041725afa4400c0c84910e40f73a5




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-18 17:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-18 16:51 [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750 Stoiko Ivanov
2026-03-18 17:08 ` applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal