[GRASS-dev] mapset permissions: only owner should have write permissions

Glynn Clements glynn at gclements.plus.com
Tue Jul 16 11:44:55 PDT 2013


Markus Metz wrote:

> > The convention is that programs should allow the user to control read
> > and write permissions via the umask, while execute permission is
> > determined by the program.
> 
> In this case, would it be ok to enforce umask to 0022 in the startup script?

Not literally. Those two bits can be *added*, i.e. it can be increased
from e.g. 002 to 022, but if it starts out at e.g. 077, it shouldn't
be lowered to 022.

Changing the umask in the startup script is an improvement over
forcing the mode in the code, as the user can always just change it
back again.

> > Programs creating files containing particularly-sensitive information
> > (e.g. encryption keys) may reasonably impose more restrictive
> > permissions.
> 
> With GRASS data on a network drive with multi-user access, I would
> regard e.g. the contents of the PERMANENT mapset as
> particularly-sensitive information.

Plenty of sites will treat PERMANENT as public data, to be shared by
all users.

The cases where forced 0600 is reasonable are those where the data is
invariably private, i.e. passwords and encryption keys.

-- 
Glynn Clements <glynn at gclements.plus.com>
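
Added example, not part of the original message and not GRASS code: a POSIX sh sketch of the "add the bits, never lower them" rule discussed above, as a startup script could apply it. The helper names `or_umask` and `ensure_no_group_other_write` are hypothetical.

```shell
#!/bin/sh
# Added example: tighten the umask by OR-ing in required bits.
# Bits the user already set are never cleared, so 077 stays 077
# while 002 becomes 022.

# Print the umask that results from adding the bits in $2 to umask $1.
# Both arguments must be octal strings; anything else is rejected.
or_umask() {
    for m in "$1" "$2"; do
        case "$m" in
            ''|*[!0-7]*) return 1 ;;
        esac
    done
    # A leading 0 makes the shell read each operand as octal.
    printf '%04o\n' "$(( 0$1 | 0$2 ))"
}

# Apply the rule to the current shell: mask out group and other write
# (022) on top of whatever the user's umask already is.
ensure_no_group_other_write() {
    new=$(or_umask "$(umask)" 022) || return 1
    umask "$new"
}

ensure_no_group_other_write
```

Because the change lives in the startup script rather than in the code that creates files, a user who wants a different mask can still set it again afterwards.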

