From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id B99DF1FF138 for ; Wed, 18 Mar 2026 17:55:00 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0DFE774B3; Wed, 18 Mar 2026 17:55:15 +0100 (CET) From: Stoiko Ivanov To: pve-devel@lists.proxmox.com Subject: [RFC PATCH cluster] pmxcfs: explicitly set implicit mkdir mode to 0750 Date: Wed, 18 Mar 2026 17:51:46 +0100 Message-ID: <20260318165504.698579-1-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773852867187 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.163 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: FXHN3YUUZUUVKLYGIPK6NEFTM3D2VZYI X-Message-ID-Hash: FXHN3YUUZUUVKLYGIPK6NEFTM3D2VZYI X-MailFrom: s.ivanov@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: In a recent discussion on pve-devel[0] the question of why /run/pve-cluster has a mode of 0750 instead of 0755 provided for the mkdir call that creates it came up. Sending this patch as it took me a while to find the reason - 3 lines above that mkdir call we set umask(027). (see mkdir(2) and umask(2)), which is effective for the whole process. The patch is effectively purely cosmetic (and basically a pmxcfs tree-wide `s/0755/0750/g`) - the mode of the created directories was 0750 without it as well. >>From a quick check on a VM setup on top of Debian Trixie the permissions on the system were already 0750 - so this should only make the actual mode explicitly visible, and should not cause unexpected changes. [0] https://lore.proxmox.com/pve-devel/s8o7brad0e6.fsf@toolbox/ Reported-by: Maximiliano Sandoval Signed-off-by: Stoiko Ivanov --- Sending as RFC as I did not get around to test this enough (e.g. installing on a fresh debian, before installing proxmox-ve) src/pmxcfs/pmxcfs.c | 6 +++--- src/pmxcfs/status.c | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/pmxcfs/pmxcfs.c b/src/pmxcfs/pmxcfs.c index d56f125..14f1168 100644 --- a/src/pmxcfs/pmxcfs.c +++ b/src/pmxcfs/pmxcfs.c @@ -848,8 +848,8 @@ int main(int argc, char *argv[]) { umask(027); - mkdir(VARLIBDIR, 0755); - mkdir(RUNDIR, 0755); + mkdir(VARLIBDIR, 0750); + mkdir(RUNDIR, 0750); chown(RUNDIR, 0, cfs.gid); if ((lockfd = open(LOCKFILE, O_RDWR | O_CREAT | O_APPEND, 0600)) == -1) { @@ -927,7 +927,7 @@ int main(int argc, char *argv[]) { umount2(CFSDIR, MNT_FORCE); - mkdir(CFSDIR, 0755); + mkdir(CFSDIR, 0750); // TODO: remove big_writes with change to libfuse3 char *fa[] = {"-f", "-odefault_permissions", "-oallow_other", "-obig_writes", NULL}; diff --git a/src/pmxcfs/status.c b/src/pmxcfs/status.c index cb03e4e..bb68445 100644 --- a/src/pmxcfs/status.c +++ b/src/pmxcfs/status.c @@ -1287,10 +1287,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) { filename = g_strdup_printf(RRDDIR "/pve-node-9.0/%s", node); if (!g_file_test(filename, G_FILE_TEST_EXISTS)) { - checked_mkdir(RRDDIR "/pve-node-9.0", 0755); + checked_mkdir(RRDDIR "/pve-node-9.0", 0750); char *dir = g_path_get_dirname(filename); - checked_mkdir(dir, 0755); + checked_mkdir(dir, 0750); g_free(dir); int argcount = sizeof(rrd_def_node_pve9_0) / sizeof(void *) - 1; @@ -1322,10 +1322,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) { if (!g_file_test(filename, G_FILE_TEST_EXISTS)) { // no dir exists yet, use new pve-vm-9.0 - checked_mkdir(RRDDIR "/pve-vm-9.0", 0755); + checked_mkdir(RRDDIR "/pve-vm-9.0", 0750); char *dir = g_path_get_dirname(filename); - checked_mkdir(dir, 0755); + checked_mkdir(dir, 0750); g_free(dir); int argcount = sizeof(rrd_def_vm_pve9_0) / sizeof(void *) - 1; @@ -1362,10 +1362,10 @@ static void update_rrd_data(const char *key, gconstpointer data, size_t len) { if (!g_file_test(filename, G_FILE_TEST_EXISTS)) { // no dir exists yet, use new pve-storage-9.0 - checked_mkdir(RRDDIR "/pve-storage-9.0", 0755); + checked_mkdir(RRDDIR "/pve-storage-9.0", 0750); char *dir = g_path_get_dirname(filename); - checked_mkdir(dir, 0755); + checked_mkdir(dir, 0750); g_free(dir); int argcount = sizeof(rrd_def_storage_pve9_0) / sizeof(void *) - 1; -- 2.47.3