Fix the incorrect & pesky 'stash is runnin with a scary umask' message on startup

      and earlier versions

      There were two other issues referencing Stash and Umask - STASH-3088 and STASH-4781 - neither of those seemed to address my (minor) annoyance.

      Every time I start Stash up I'm chided with this pesky message that contradicts itself, is incorrect, and, while I'm fearful of ridicule for bringing it up, is ultimately quite annoying. The message goes something like this:

      -------------------------------------------------------------------------------
      Stash is being run with a umask that contains potentially unsafe settings.
      The following issues were found with the mask "u=rwx,g=rx,o=" (0027):

      • access is allowed to 'others'. It is recommended that 'others' be denied
        all access for security reasons.
      • write access is allowed to 'group'. It is recommend that 'group' be
        denied write access. Read access to a restricted group is recommended
        to allow access to the logs.
      • full access has been denied to 'user'. Stash cannot be run without full
        access being allowed.

      The recommended umask for Stash is "u=,g=w,o=rwx" (0027) and can be
      configured in setenv.sh
      -------------------------------------------------------------------------------

      Now - I'm as attentive as the next guy WRT security warnings and ones I have to continually ignore BTF out of me. Looking at two lines in the message:

      1. The following issues were found with the mask "u=rwx,g=rx,o=" (0027):
      2. The recommended umask for Stash is "u=,g=w,o=rwx" (0027) and ...(more on the rest of this sentence later)

      The UNIXy deal taking care of comparing the UMASK value isn't XORing the mask (at first guess) to get its opposite prior to listing out all the criminally insane permissions said UMASK would unleash upon the unsuspecting world.

      Like I said initially, this is but a piffle of an issue but one more I think you should put on the list as being 'worthy'.

      Thanks,
      -wc

      Oh yeah - environment is Ubuntu Server 13.10 and the 'proper' (i.e. Mark Shuttleworth approved sanctioned and whatever) way to alter the umask for the system (all users) is to modify /etc/login.defs as so:

      sed -i -e 's/\(UMASK\s.\)\(0027\)/\1 0027/g' /etc/login.defs
      

      (accepting, of course, that the above example is stupid as the value is already set to 0027 and you'd have to look for 3-4 sequential digits instead)

      Of course, Mark (who I don't know, I just dislike his approach to UI options) probably wouldn't like it either but oh well. I've beaten this poor horse to death.
      -wc
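
For reference, an added example (not part of the original report and not Stash's code) of reading an octal umask in POSIX sh: each digit lists the bits that are denied, and `umask -S` prints what stays allowed. It checks the three conditions named in the banner for 0027 and for its complement 0750; the function names and issue wording are made up for illustration.

```shell
#!/bin/sh
# Added example (not Stash's code). A umask digit lists the permission bits
# that are DENIED; `umask -S` prints the bits that remain allowed.

# Symbolic allowed permissions for one octal umask digit, e.g. 2 -> rx.
allowed_for_digit() {
    a=$(( 7 - $1 ))                       # complement within three bits
    s=""
    [ $(( a & 4 )) -ne 0 ] && s="${s}r"
    [ $(( a & 2 )) -ne 0 ] && s="${s}w"
    [ $(( a & 1 )) -ne 0 ] && s="${s}x"
    printf '%s' "$s"
}

# Split an octal umask into denied-bit digits u, g, o (globals).
split_mask() {
    case $1 in ''|*[!0-7]*) echo "invalid umask: $1" >&2; return 2 ;; esac
    m=$(( 0$1 ))                          # leading 0 forces octal parsing
    u=$(( (m >> 6) & 7 )); g=$(( (m >> 3) & 7 )); o=$(( m & 7 ))
}

# 0027 -> u=rwx,g=rx,o=   (same form as `umask -S`)
umask_symbolic() {
    split_mask "$1" || return
    printf 'u=%s,g=%s,o=%s\n' "$(allowed_for_digit "$u")" \
        "$(allowed_for_digit "$g")" "$(allowed_for_digit "$o")"
}

# One line per banner condition that actually holds for the mask.
umask_issues() {
    split_mask "$1" || return
    [ "$o" -ne 7 ] && echo "others: access allowed"
    [ $(( g & 2 )) -eq 0 ] && echo "group: write access allowed"
    [ "$u" -ne 0 ] && echo "user: full access denied"
    return 0
}

umask_symbolic 0027    # u=rwx,g=rx,o=
umask_issues 0027      # prints nothing
umask_symbolic 0750    # u=,g=w,o=rwx
umask_issues 0750      # all three lines
```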

            Assignee: Unassigned
            Reporter: William Crighton [CCC]
            Votes: 1
            Watchers: 6
