michael-o commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-736761640
> > > > > To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`. > > > > > > So not to undermine the default umask, are we good to take your `pathPermissions="rw-rw----"` proposal? > > I'm not following - the umask makes no sense, not even as a default, so we have to override the umask to make it work at all. > > I think a sensible approach is "defaults to the same behaviour as localhost, visible to all on the box, while offering posixPermissions to the unix people, and a protected parent directory for the windows people." > > That's where we stand now. OK, my slight counter proposal is not use `rw-rw-rw-` as default, but `rw-rw----` because this would reflect the default umask of 027, i.e, not to create anything world readable. For those who need more permissions, they can supply a custom string. I also do understand that localhost is open for everyone on that box, but isn't that the whole point of UDS to have more control of the socket? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
