[GRASS-dev] mapset permissions: only owner should have write permissions

[Glynn Clements]

Markus Metz wrote:

> >From within GRASS, only the owner of a mapset is allowed to start a
> GRASS session in this mapset, i.e. only the owner of a mapset has
> write permissions to this mapset. But a new mapset being a folder in
> the file system is created with mode 0777, thus granting write
> permissions to all. I suggest to change mode from 0777 to 0755 in
> G_mkdir() and add mode = 0755 in gis_set.py. Any objections?

I don't see why GRASS should be special in this regard.

The convention is that programs should allow the user to control read
and write permissions via the umask, while execute permission is
determined by the program.

But the umask can only remove permissions, not add them. So in order
for the permissions to be fully under the control of the user,
programs must use 0777 for directories and executable files, and 0666
for non-executable files.

Programs creating files containing particularly-sensitive information
(e.g. encryption keys) may reasonably impose more restrictive
permissions. Complex programs may allow permissions to be configured
via options and/or configuration files if the umask is too blunt an
instrument (i.e. the program creates different categories of file or
directory, and the desired permissions are likely to differ by
category).

GRASS already includes its own ownership check to prevent users from
shooting each other in the foot with shared directories (by creating
subdirectories which the owner cannot remove). So I don't really see
any reason to enforce the policy a second time through filesystem
permissions.

-- 
Glynn Clements <glynn at gclements.plus.com>