Thanks Sebastien, and Chiradeep, I've already push a commit to remove the code. If someone explain the reason why we need it, I'll revert my code or make additional patch.
2014-06-02 11:02 GMT-06:00 Chiradeep Vittal <chiradeep.vit...@citrix.com>: > No idea, but +1 on removing it. > > From: Sebastien Goasguen <run...@gmail.com<mailto:run...@gmail.com>> > Date: Monday, June 2, 2014 at 12:16 AM > To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>" > <dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>>, Alex Huang > <alex.hu...@citrix.com<mailto:alex.hu...@citrix.com>>, Chiradeep Vittal > <chiradeep.vit...@citrix.com<mailto:chiradeep.vit...@citrix.com>> > Subject: Re: Why does cloudstack-setup-management make /root writable? > > > On May 31, 2014, at 11:14 AM, Milamber > <milam...@apache.org<mailto:milam...@apache.org>> wrote: > > A related ticket has been open in Jira > https://issues.apache.org/jira/browse/CLOUDSTACK-6673 > > Let me copy Alex and Chiradeep, they might have some background about this. > > Le 31/05/2014 08:27, ilya musayev a ecrit : > I really dont know why. I guess we can figure out who made the commit and ask > for rationale on this, but i'm not aware of any reason why /root must be 777. > Big security hole in my opinion. > I'd say to give it a try in your env first, if your tests pass, commit. > On 5/31/14, 12:06 AM, Yoshikazu Nojima wrote: > Hi, > Does anyone know the reason why cloudstack-setup-management make /root > directory mode 777 in ubuntu? > https://github.com/apache/cloudstack/blob/master/python/lib/cloudutils/serviceConfig.py#L767 > If no one have objection, I will remove this code. > Regards, > Noji > >
