[asterisk-dev] Asterisk crunches ACLs and umask by default, suggested fix

Ben Klang ben at alkaloid.net
Thu Feb 16 17:51:13 MST 2006


On Thursday 16 February 2006 15:47, Rod Dorman wrote:
> Well the first question that comes to mind is, Is there any down side?
> Is there any scenario where this wouldn't be the expected thing to do?
I have considered this quite a bit is and I feel this is the proper thing to 
do across the board.  The only files/directories that shouldn't be leave the 
permissions up to the operating system's default are files that contain 
potentially sensitive data.  I can see the argument for Voicemail wav files 
falling in this category.  However this can be addressed in two ways: 1: The 
default install will create the voicemail spool directory as non-world 
readable/executable and 2: the local system administrator can provide a 
tighter umask or default ACL.  Since the default for most systems' umask is 
022 and the mode flag only applies to newly created files, I think this is a 
much more sane default than the variety of modes that I replaced in the 
sources.

But this is just my opinion.  I may have missed something.
/BAK/
--
Ben Klang
Alkaloid Networks
ben at alkaloid.net
404.475.4850
http://projects.alkaloid.net



More information about the asterisk-dev mailing list