Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-5576

Expand permission check on maxctrl.cnf to maxscale group

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • None
    • None
    • maxctrl
    • None

    Description

      If user which executes

      "maxctrl -c"

      It is only be possible, if maxctrl.cnf have permission on user level.

      otherwise error is thrown

      Error: /tmp/maxctrl.cnf exists, but can be accessed by group and world. Remove all rights from everyone else but owner

      This is hard limited in the code:

      // As the file may contain a password, we are picky about the bits.
      		 
        if ((stats.mode & 31) != 0) {
      		 
          throw Error(
      		 
            "Error: " +
      		 
              filename +
      		 
              " exists, but can be accessed by group and world." +
      		 
              " Remove all rights from everyone else but owner"
      		 
          );
      		 
        }

      With expanding to maxscale group , it is secure enough and every user , which added to maxsacale group can access to maxctrl.cnf with "maxctrl -c"

      Error: /tmp/maxctrl.cnf exists, but can be accessed by group and world. Remove all rights from everyone else but owner

      Attachments

        Activity

          There are no comments yet on this issue.

          People

            Unassigned Unassigned
            Richard Richard Stracke
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.