-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set default umask of 0027 for all Beats-created files #14119
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
libbeat/cmd/instance/umask_other.go
Outdated
|
||
import "syscall" | ||
|
||
func setUmask(newmask int) int { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should return an error instead of a number. See: syscall.Errno for example.
libbeat/cmd/instance/beat.go
Outdated
@@ -147,6 +147,7 @@ func initRand() { | |||
// instance. | |||
// XXX Move this as a *Beat method? | |||
func Run(settings Settings, bt beat.Creator) error { | |||
setUmaskWithSettings(settings) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we log failures? E.g. add an ErrNotImplemented and only log if err != nil && err != ErrNotImplemented
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I think this is a good idea. Thanks, will implement.
implementation look good, I would be + to add @urso comment. |
|
||
func setUmask(newmask int) error { | ||
// No way to set umask on Windows | ||
return types.ErrNotImplemented |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an internal error. We should not reuse sentinal errors from 3rd party packages (packages vendored by beats).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, wasn't sure about whether this was a good idea or not. Will change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ycombinator the code LGTM but can you add a changelog?
Thanks, 🤦♂, I keep forgetting to do that! |
Travis CI is green. All jobs except So merging this PR. |
…14216) * Set default umask of 0027 for all Beats-created files (#14119) * Set umask of 027 (on non-windows systems) for all Beats-created files * Fixing comment * Update tests * Updating docs for filebeat.registry.file_permissions * Denoting octal * Allow beats to override umask * Removing accidentally-committed file * Adding system test for default umask * Make setUmask return error * Defining ErrNotImplemented locally * Defining not implemented error locally * Fixing typo * Skip umask test on Windows * Adding missed imports * Adding CHANGELOG entry * Fixing up CHANGELOG
How does this affect the "file" output as I have been unable to make log file of 0644 and I figured this was why? |
@tomrade I just tested this with an older version of Metricbeat (version 7.2.0, released before the change in this PR was made). And I also tested the latest version of Metricbeat (built from |
* Set umask of 027 (on non-windows systems) for all Beats-created files * Fixing comment * Update tests * Updating docs for filebeat.registry.file_permissions * Denoting octal * Allow beats to override umask * Removing accidentally-committed file * Adding system test for default umask * Make setUmask return error * Defining ErrNotImplemented locally * Defining not implemented error locally * Fixing typo * Skip umask test on Windows * Adding missed imports * Adding CHANGELOG entry
Would be good to document these kind of changes |
…sk (#20584) (#28347) (#29503) Changes implemented in the (#14119) made all Beats-created files and folders apply an umask of 0027 (on POSIX systems). Co-authored-by: dplavcic <dplavcic@users.noreply.github.com> (cherry picked from commit ecd68db) Co-authored-by: Dalibor P <9079844+dplavcic@users.noreply.github.com>
…14119) (elastic#14216) * Set default umask of 0027 for all Beats-created files (elastic#14119) * Set umask of 027 (on non-windows systems) for all Beats-created files * Fixing comment * Update tests * Updating docs for filebeat.registry.file_permissions * Denoting octal * Allow beats to override umask * Removing accidentally-committed file * Adding system test for default umask * Make setUmask return error * Defining ErrNotImplemented locally * Defining not implemented error locally * Fixing typo * Skip umask test on Windows * Adding missed imports * Adding CHANGELOG entry * Fixing up CHANGELOG
Resolves #14005
This PR sets a default umask of
0027
on non-Windows systems for all Beats. An individual Beat may choose to override this default umask via thelibbeat/cmd/instance.Settings.Umask
field.This means that, by default:
0640
permissions, and0750
permissions.