[fedfs-utils] [PATCH 03/13] libnsdb: Update mode bits for NSDB cert files
Chuck Lever
chuck.lever at oracle.com
Tue Jan 8 09:27:32 PST 2013
Cert files are never updated after they are created, so remove owner
write permission. As a clean-up, use a macro to define and label
the certificate file mode bits.
Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
src/libnsdb/nsdb.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c
index 7ef39d3..e5fb09a 100644
--- a/src/libnsdb/nsdb.c
+++ b/src/libnsdb/nsdb.c
@@ -69,6 +69,11 @@
*/
#define NSDB_NCE_ENV "FEDFS_NSDB_NCE"
+/**
+ * Permission mode to use when creating certfiles
+ */
+#define FEDFS_CERTFILE_MODE (S_IRUSR|S_IRGRP|S_IROTH)
+
/**
* Stores pathname of directory containing FedFS persistent state
@@ -571,7 +576,7 @@ nsdb_new_certfile(const char *certdata, const unsigned int certlen,
}
fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL,
- S_IRUSR | S_IWUSR | S_IRGRP);
+ FEDFS_CERTFILE_MODE);
if (fd == -1) {
xlog(D_GENERAL, "%s: Failed to open %s: %m",
__func__, pathbuf);
More information about the fedfs-utils-devel
mailing list