[GRASS5] GRASS 5 and sockets: default?

Eric G. Miller egm2 at jps.net
Mon Feb 19 13:28:36 EST 2001

On Mon, Feb 19, 2001 at 10:34:48AM -0700, Roger S. Miller wrote:
> On Mon, 19 Feb 2001, Eric G. Miller wrote:
> >
> > However, I like the $HOME/.grass5/ directory for other reasons.  There's
> > already the G_home(), so it's only a little bit of work to set up
> > element handling (e.g. subdirs).  I want to make sure ~/.grass5 is chmod
> > 4700 for a modicum of security.  Is there a reason we might want it
> > readable by processes not owned by the $USER?
> Perhaps I misunderstand, but wouldn't 4700 permissions allow access only
> to the owner of the directory?  That's might be nice and secure in a
> single-user setting, or where one must be logged in as the owner in order
> to use GRASS.  It doesn't seem like a good choice for general use.

Yes.  That home directory would only contain configs and other items
that are owned by the user (grassrc, tcltkgrassrc,
com/(x[0-6]|CELL|HTMLMAP), /tmp/<pid>.<num>).  Is there something in
there that should be readable by others?  One of my main concerns is
that it not be possible for malicious users to hijack tempfiles or
sockets.  While the tempfile names aren't easily predictable, the socket
names are fixed.  The only portable way I'm aware of to protect unix
sockets is to put them in a directory that has the sticky bit set and
only has permissions for the owner.  Some systems, like Linux, allow
umask or chmod to change the permissions on unix socket files.  Others,
some BSD's, always have world read/write on socket files (this is also
the POSIX spec. as I understand it).  Maybe that perms should be 1700
instead of 4700 (now that I think about it...).

There should be no problem for multiuser, as each GRASS user would have
their own $HOME/.grass directory.  That is, even if you're accessing a
mapset you don't own, your socket files and config files would be your
own.  Perhaps I'm still a little confused about how grass locks sessions
and mapsets...  Guess the ~/.gislock5 file would still live outside the 
$HOME/.grass directory.  Perhaps, only the ~/.grass/com and ~/.grass/tmp
directories need the security protection?

Eric G. Miller <egm2 at jps.net>

If you want to unsubscribe from GRASS Development Team mailing list write to:
minordomo at geog.uni-hannover.de with
subject 'unsubscribe grass5'

More information about the grass-dev mailing list