Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkg: file stat warning #12242

Merged
merged 1 commit into from
Aug 24, 2020
Merged

pkg: file stat warning #12242

merged 1 commit into from
Aug 24, 2020

Conversation

spzala
Copy link
Member

@spzala spzala commented Aug 20, 2020

Provide warning and doc instead of enforcing file permission.

@spzala
Copy link
Member Author

spzala commented Aug 20, 2020

@jingyih @gyuho @xiang90 - please take a look to the changes. Thanks!

@@ -431,6 +431,9 @@ No. etcd doesn't encrypt key/value data stored on disk drives. If a user need to
* Let client applications encrypt and decrypt the data
* Use a feature of underlying storage systems for encrypting stored data like [dm-crypt]

### I’m seeing a log warning that "directory X exist without desired file permission -rwx------"
When etcd create certain new directories it sets file permission to 700 to prevent unprivileged access as possible. However, if user has already created a directory with own preference, different than 700, etcd uses the existing directory and logs the warning message.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jingyih we can doc it differently or modify the warning below per review comments. Thanks!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hexfusion
Copy link
Contributor

This makes a lot of sense thanks for making the change @spzala

if lg == nil {
lg = zap.NewExample()
}
lg.Warn("check file permission", zap.Error(err))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we make this warning more specific? Dir xxx already exist, but the permission is xxx. The recommend permission is xxx

Copy link
Member Author

@spzala spzala Aug 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xiang90 Yup, that makes sense. Changing it, so it will be like "directory "default.etcd" exist, but the permission is "drwxrwxrwx". The recommended permission is "-rwx------" to prevent possible unprivileged access to the data."

Provide warning and doc instead of enforcing file permission.
@xiang90
Copy link
Contributor

xiang90 commented Aug 24, 2020

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants