From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keir Fraser Subject: Re: PATCH: Remove execute permission from xend-debug.log Date: Tue, 24 Apr 2007 23:08:16 +0100 Message-ID: References: <20070424214524.GF2018@fc.hp.com> Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20070424214524.GF2018@fc.hp.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Aron Griffis , "Daniel P. Berrange" , xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org On 24/4/07 22:45, "Aron Griffis" wrote: >>> The file /var/log/xen/xend-debug.log is currently being created with >>> executable permission bits set. This is because the os.open() method >>> defaults to using a mode of 0777 if no third parameter is provided. >>> The attached patch changes the mode to 0600 to ensure that the file >>> permissions come out as -rw------- instead of -rwxr-xr-x >> >> Doesn't os.open default to 0777 & ~umask? Doesn't seem like xend >> should be overriding root's umask > > Seems that the patch should be using 0666 instead of 0600 so that > umask can affect group/other perms. At the very least it should use > 0664. Xen-debug.log is the only file in /var/log/xen getting created with +x permissions, so something is obviously up. Arguably we can get rid of xend-debug.log entirely -- I don't believe anything ever gets logged there these days. I took the patch because 0600 seems saner than 0755. -- Keir