[virt-tools-list] [PATCH] Don't create disk images world readable and executable
Ron
ron at debian.org
Tue Jul 1 16:43:41 UTC 2014
On Tue, Jul 01, 2014 at 10:11:49AM +0200, Martin Kletzander wrote:
>
> I just found out that the os.open() does create file with 755 (with
> the default umask), but when I use (the preferred) open() it creates
> it with 644. Still can't explain that, though.
The difference here is that os.open() calls open(2), while the
python open() function instead calls fopen(3).
The former is POSIX for low level I/O, that isn't generally portable
outside of POSIX systems, the latter is the portable C function for
stream I/O and knows nothing about filesystem permission bits, instead
having abstract 'mode' characters for indicating read/write/append use.
Since whether or not things can be flagged as 'executable' and how
is not a portable concept, if fopen(3) creates files it does so with
permission 0666 & ~umask on POSIX systems, and there is no way to
specify that more explicitly.
If we need to make files that should only be accessed by a privileged
user or group by default, then we'll need to use os.open() with an
appropriate mode specified for that.
Cheers,
Ron
More information about the virt-tools-list
mailing list