Merge bitcoin/bitcoin#17127: util: Set safe permissions for data directory and wallets/ subdir

c9ba4f9ecb test: Add test for file system permissions (Hennadii Stepanov) 581f16ef34 Apply default umask in `SetupEnvironment()` (Hennadii Stepanov) 8a6219e543 Remove `-sysperms` option (Hennadii Stepanov) Pull request description: On master (1e7564eca8) docs say: ``` $ ./src/bitcoind -help | grep -A 3 sysperms -sysperms Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality) ``` Basing on that, one could expect that running `bitcoind` first time will create data directory and `wallets/` subdirectory with safe 0700 permissions. But that is not the case: ``` $ stat .bitcoin | grep id Access: (0775/drwxrwxr-x) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto) $ stat .bitcoin/wallets | grep id Access: (0775/drwxrwxr-x) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto) ``` Both directories, in fact, are created with system default permissions. With this PR: ``` $ stat .bitcoin/wallets | grep id Access: (0700/drwx------) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto) $ stat .bitcoin/wallets | grep id Access: (0700/drwx------) Uid: ( 1000/ hebasto) Gid: ( 1000/ hebasto) ``` --- This PR: - is alternative to bitcoin/bitcoin#13389 - fixes bitcoin/bitcoin#15902 - fixes bitcoin/bitcoin#22595 - closes bitcoin/bitcoin#13371 - reverts bitcoin/bitcoin#4286 Changes in behavior: removed `-sysperms` command-line argument / configure option. The related discussions are here: - https://github.com/bitcoin/bitcoin/pull/13389#issuecomment-395306690 - https://github.com/bitcoin/bitcoin/pull/13389#issuecomment-539906114 - https://github.com/bitcoin/bitcoin/pull/13389#discussion_r279160472 If users rely on non-default access permissions, they could use `chmod`. ACKs for top commit: john-moffett: ACK c9ba4f9ecb willcl-ark: ACK c9ba4f9ecb Tree-SHA512: 96c745339e6bd0e4d7bf65daf9a721e2e1945b2b0ab74ca0f66576d0dc358b5de8eb8cdb89fe2160f3b19c39d2798bb8b291784316085dc73a27102d3415bd57
2026-01-18 22:35:39 +01:00 · 2023-02-07 10:38:58 +00:00
parent 5a80086ec2 c9ba4f9ecb
commit 6e08e5cb5c
9 changed files with 57 additions and 15 deletions
--- a/test/functional/feature_posix_fs_permissions.py
+++ b/test/functional/feature_posix_fs_permissions.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+# Copyright (c) 2022 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+"""Test file system permissions for POSIX platforms.
+"""
+
+import os
+import stat
+
+from test_framework.test_framework import BitcoinTestFramework
+
+
+class PosixFsPermissionsTest(BitcoinTestFramework):
+    def set_test_params(self):
+        self.setup_clean_chain = True
+        self.num_nodes = 1
+
+    def skip_test_if_missing_module(self):
+        self.skip_if_platform_not_posix()
+
+    def check_directory_permissions(self, dir):
+        mode = os.lstat(dir).st_mode
+        self.log.info(f"{stat.filemode(mode)} {dir}")
+        assert mode == (stat.S_IFDIR | stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
+
+    def check_file_permissions(self, file):
+        mode = os.lstat(file).st_mode
+        self.log.info(f"{stat.filemode(mode)} {file}")
+        assert mode == (stat.S_IFREG | stat.S_IRUSR | stat.S_IWUSR)
+
+    def run_test(self):
+        self.stop_node(0)
+        datadir = os.path.join(self.nodes[0].datadir, self.chain)
+        self.check_directory_permissions(datadir)
+        walletsdir = os.path.join(datadir, "wallets")
+        self.check_directory_permissions(walletsdir)
+        debuglog = os.path.join(datadir, "debug.log")
+        self.check_file_permissions(debuglog)
+
+
+if __name__ == '__main__':
+    PosixFsPermissionsTest().main()
--- a/test/functional/test_framework/test_framework.py
+++ b/test/functional/test_framework/test_framework.py
@@ -880,6 +880,11 @@ class BitcoinTestFramework(metaclass=BitcoinTestMetaClass):
        if platform.system() != "Linux":
            raise SkipTest("not on a Linux system")

+    def skip_if_platform_not_posix(self):
+        """Skip the running test if we are not on a POSIX platform"""
+        if os.name != 'posix':
+            raise SkipTest("not on a POSIX system")
+
    def skip_if_no_bitcoind_zmq(self):
        """Skip the running test if bitcoind has not been compiled with zmq support."""
        if not self.is_zmq_compiled():
--- a/test/functional/test_runner.py
+++ b/test/functional/test_runner.py
@@ -211,6 +211,7 @@ BASE_SCRIPTS = [
    'p2p_addrv2_relay.py',
    'p2p_compactblocks_hb.py',
    'p2p_disconnect_ban.py',
+    'feature_posix_fs_permissions.py',
    'rpc_decodescript.py',
    'rpc_blockchain.py',
    'rpc_deprecated.py',