Change default umask when creating directories (LP: #2076319) #497

Merged
merged 1 commit into from
Aug 13, 2024

@rmalz-c rmalz-c commented Aug 8, 2024

Description

fixes: lp2076319

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. LP#2076319

@daniloegea
Collaborator

Thank you for reporting the problem and for the fix.

I was inclined to set the group of /run/systemd/network to systemd-network and avoid relying on umask. But we are also trying to not query for users/groups from the netplan generator (this is another thing we must fix).

May I ask you to improve the commit log a little and describe why this change is important?

Security best practices recommend changing the default umask from 022
to 027 to harden systems. However, when users set umask to 027,
netplan creates directories with permissions that are not accessible
to backends like systemd-network, resulting in issues during network
configuration.

This patch ensures that netplan generates directories with a 0755
mask, regardless of the user's umask.

fixes: lp2076319
@rmalz-c
Contributor Author

rmalz-c commented Aug 12, 2024

Added proper description in commit msg

@slyon slyon added the labels "community" (This PR has been proposed by somebody outside of the Netplan team and roadmap commitments.) and "Canonical" (by Canonical employees outside the Netplan team) Aug 12, 2024
@slyon slyon changed the title from "Change default umask when creating directories" to "Change default umask when creating directories (LP: #2076319)" Aug 12, 2024
Collaborator

@slyon slyon left a comment

Thank you very much for your contribution to Netplan!

The change LGTM and indeed resembles what we used to do in previous versions of Netplan. I agree with Danilo that (for now) it is safer to change umask instead of querying users/groups from inside the generator.

@slyon slyon merged commit 62bb680 into canonical:main Aug 13, 2024
16 checks passed
@slyon slyon added the stable Might be merged in a stable branch label Sep 10, 2024
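
The behaviour described in the commit message, as an added C example that is not netplan's code or the merged patch: under umask 027 a directory requested as 0755 lands as 0750, while forcing umask 022 around the call keeps it at 0755. The function names and the scratch path under /tmp are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns the permission bits of path, or -1 on error. */
static int perms(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Requests 0755 but leaves the inherited umask in effect. */
static int mkdir_inherit_umask(const char *path) {
    return mkdir(path, 0755) == 0 ? perms(path) : -1;
}

/* Forces umask 022 around the call so the requested 0755 survives. */
static int mkdir_fixed_umask(const char *path) {
    mode_t old = umask(022);
    int rc = mkdir(path, 0755);
    umask(old); /* restore the caller's umask */
    return rc == 0 ? perms(path) : -1;
}

/* Runs both variants under a hardened umask of 027 in a scratch directory
 * (hypothetical path, created exclusively so an existing name is an error). */
static int demo(int *inherited, int *fixed) {
    char base[64], a[96], b[96];
    snprintf(base, sizeof base, "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0) return -1;
    snprintf(a, sizeof a, "%s/inherit", base);
    snprintf(b, sizeof b, "%s/fixed", base);
    mode_t old = umask(027);
    *inherited = mkdir_inherit_umask(a);
    *fixed = mkdir_fixed_umask(b);
    umask(old);
    rmdir(a); rmdir(b); rmdir(base);
    return 0;
}

int main(void) {
    int inherited, fixed;
    if (demo(&inherited, &fixed) != 0) return 1;
    printf("umask 027, mkdir(0755): %04o\n", inherited); /* 0750: "other" locked out */
    printf("umask forced to 022:    %04o\n", fixed);     /* 0755 */
    return 0;
}
```

The umask is process-wide, so swapping it is only safe where no other thread creates files at the same time; calling chmod() on the directory after mkdir() is the alternative that does not touch process state.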