out_file: don't create world writable directory in daemon mode

How to reproduce: Create the following config file as file-fluentd.conf: <source> type forward </source> <match **> type file path /tmp/x/y/z/a </match> Start fluentd: % ruby -I lib bin/fluentd -c file-fluentd.conf --daemon fluentd.pid Check permission of /tmp/x: % stat /tmp/x | grep Access Access: (0777/drwxrwxrwx) Uid: ( 1000/ kou) Gid: ( 1000/ kou) Access: 2014-11-21 17:15:59.898444064 +0900 Permission is "0777/drwxrwxrwx". Because daemon mode changes umask to `0000`. (It's natural for daemon.)
fluent · Nov 21, 2014 · 19ae3d9 · 19ae3d9
1 parent 8c7bc1c
commit 19ae3d9
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/lib/fluent/env.rb b/lib/fluent/env.rb
@@ -20,4 +20,5 @@ module Fluent
   DEFAULT_SOCKET_PATH = ENV['FLUENT_SOCKET'] || '/var/run/fluent/fluent.sock'
   DEFAULT_LISTEN_PORT = 24224
   DEFAULT_FILE_PERMISSION = 0644
+  DEFAULT_DIR_PERMISSION = 0755
 end
diff --git a/lib/fluent/plugin/buf_file.rb b/lib/fluent/plugin/buf_file.rb
@@ -114,7 +114,7 @@ def configure(conf)
     end
 
     def start
-      FileUtils.mkdir_p File.dirname(@buffer_path_prefix + "path")
+      FileUtils.mkdir_p File.dirname(@buffer_path_prefix + "path"), :mode => DEFAULT_DIR_PERMISSION
       super
     end
 

diff --git a/lib/fluent/plugin/out_file.rb b/lib/fluent/plugin/out_file.rb
@@ -73,7 +73,7 @@ def format(tag, time, record)
 
     def write(chunk)
       path = generate_path(chunk)
-      FileUtils.mkdir_p File.dirname(path)
+      FileUtils.mkdir_p File.dirname(path), :mode => DEFAULT_DIR_PERMISSION
 
       case @compress
       when nil