Influxdb: Inconsistent file permissions
Sometimes we make directories 0700, sometimes 0777:
→ git grep -w ' 0[0-9][0-9][0-9]' | grep '.go:' | grep -v _test.go | grep dir
cmd/influxd/restore/restore.go: if err := os.MkdirAll(filepath.Dir(path), 0777); err != nil {
cmd/influxd/run/command.go: err := os.MkdirAll(filepath.Dir(path), 0777)
meta/store.go: return os.MkdirAll(s.path, 0777)
services/hh/node_processor.go: if err := os.MkdirAll(n.dir, 0700); err != nil {
services/hh/service.go: if err := os.MkdirAll(s.cfg.Dir, 0700); err != nil {
tsdb/engine/tsm1/engine.go: if err := os.MkdirAll(e.path, 0777); err != nil {
tsdb/engine/tsm1/wal.go: if err := os.MkdirAll(l.path, 0777); err != nil {
tsdb/engine/wal/wal.go: if err := os.MkdirAll(l.path, 0777); err != nil {
tsdb/store.go: if err := os.MkdirAll(filepath.Join(s.path, database, retentionPolicy), 0700); err != nil {
tsdb/store.go: if err := os.MkdirAll(walPath, 0700); err != nil {
tsdb/store.go: if err := os.MkdirAll(s.path, 0777); err != nil {
We usually use 0666 for files, with some exceptions from the CLI history, Raft's peers.json, and the hinted handoff queue.
→ git grep -w ' 0[0-9][0-9][0-9]' | grep '.go:' | grep -v _test.go | grep -i file | grep -vi mkdir
cmd/influx/cli/cli.go: if c.historyFile, err = os.OpenFile(historyFilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0640); err == nil {
cmd/influx_inspect/tsm.go: f, err := os.OpenFile(filepath.Join(path, FieldsFileExtension), os.O_RDONLY, 0666)
cmd/influx_inspect/tsm.go: f, err := os.OpenFile(filepath.Join(path, SeriesFileExtension), os.O_RDONLY, 0666)
cmd/influx_inspect/tsm.go: f, err := os.OpenFile(filepath.Join(path, IDsFileExtension), os.O_RDONLY, 0666)
cmd/influxd/run/command.go: if err := ioutil.WriteFile(path, []byte(pid), 0666); err != nil {
meta/state.go: return ioutil.WriteFile(filepath.Join(r.store.path, "peers.json"), buf.Bytes(), 0755)
meta/store.go: return ioutil.WriteFile(s.IDPath(), []byte(strconv.FormatUint(id, 10)), 0666)
services/hh/queue.go: f, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0600)
tsdb/engine/tsm1/cache.go: f, err := os.OpenFile(fn, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/tsm1/compact.go: fd, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/tsm1/file_store.go: file, err := os.OpenFile(fn, os.O_RDONLY, 0666)
tsdb/engine/tsm1/wal.go: fd, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := os.OpenFile(fileName, os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: l.metaFile, err = os.OpenFile(nextFileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: ff, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := p.os.OpenCompactionFile(path, os.O_RDWR, 0666)
tsdb/engine/wal/wal.go: f, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
mark-rushakoff
All 6 comments
We should always set 0666 for files and 0777 for directories and let users adjust permissions via umask.
benbjohnson
on 21 Dec 2015
I would like my directories to be group- or world-readable, so I greatly welcome making this controllable via umask.
nicolas17
on 8 Mar 2017
Since we use a Telegraf plugin to monitor the dirsize of InfluxDB, we also need umask functionality (preferably in the influxdb conf file). We added user telegraf to user group influxdb, but new influxdb directories get 700 flags (_InfluxDB version 1.2.2_). As a workaround, we now have a cron job that does a chmod -R g+rX /var/lib/influxdb/data each 10 minutes. Ugly, but necessary atm.
tw-bert
on 6 Jun 2017
This also affects the backup command, which probably has more impact than the internal storage. Version 1.8.
err = os.MkdirAll(cmd.path, 0700)
out, err := os.OpenFile(filepath.Join(cmd.path, filename), os.O_CREATE|os.O_RDWR, 0600)
pseudocoder
on 5 Jun 2019
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 3 Sep 2019
This issue has been automatically closed because it has not had recent activity. Please reopen if this issue is still important to you. Thank you for your contributions.
stale[bot]
on 10 Sep 2019
Related issues
jonira
·
4Comments
airyland
·
3Comments
robinjha
·
3Comments
Witee
·
3Comments
deepujain
·
3Comments