doc-exports/docs/cce/umn/cce_faq_00230.html
Dong, Qiu Jian e11d42fad0 CCE UMN update -20230818 version
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2023-12-08 10:20:34 +00:00


<a name="cce_faq_00230"></a>
<h1 class="topictitle1">How Do I Set the umask Value for a Container?</h1>
<div id="body8662426"><div class="section" id="cce_faq_00230__en-us_topic_0161035941_section5101181517720"><h4 class="sectiontitle">Symptom</h4><p id="cce_faq_00230__en-us_topic_0161035941_p92717234715">A container is started in <strong id="cce_faq_00230__b10165174535">tailf /dev/null</strong> mode and the directory permission is <strong id="cce_faq_00230__b037012126138">700</strong> after the startup script is manually executed. If the container is started by Kubernetes itself without <strong id="cce_faq_00230__b44141515148">tailf</strong>, the obtained directory permission is <strong id="cce_faq_00230__b87111229101319">751</strong>.</p>
</div>
<div class="section" id="cce_faq_00230__en-us_topic_0161035941_section1614315165317"><h4 class="sectiontitle">Solution</h4><p id="cce_faq_00230__p1729115011716">The reason is that the umask values set in the preceding two startup modes are different. Therefore, the permissions on the created directories are different.</p>
<p id="cce_faq_00230__p972910505713">The umask value is used to set the default permission for a newly created file or directory. If the umask value is too small, group users or other users will have excessive permissions, posing security threats to the system. Therefore, the default umask value for all users is set to <strong id="cce_faq_00230__b15478519181419">0077</strong>. That is, the default permission on directories created by users is <strong id="cce_faq_00230__b81411914191712">700</strong>, and the default permission on files is <strong id="cce_faq_00230__b15869101721719">600</strong>.</p>
<p id="cce_faq_00230__p18729150872">You can add the following content to the startup script to set the permission on the created directory to <strong id="cce_faq_00230__b15603102531714">700</strong>:</p>
<ol id="cce_faq_00230__ol42271318142119"><li id="cce_faq_00230__li122781812210">Add <strong id="cce_faq_00230__b1347715271569">umask 0077</strong> to the <strong id="cce_faq_00230__b347792712616">/etc/bashrc</strong> file and all files in <strong id="cce_faq_00230__b84776271767">/etc/profile.d/</strong>. </li><li id="cce_faq_00230__li42536396224">Run the following command:<pre class="screen" id="cce_faq_00230__screen12511339182215">echo "umask 0077" &gt;&gt; $FILE</pre>
<div class="note" id="cce_faq_00230__note1442944220219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_faq_00230__p443084222111"><em id="cce_faq_00230__i995134017719">FILE</em> indicates the file name, for example, <strong id="cce_faq_00230__b379011118188">echo "umask 0077" &gt;&gt; /etc/bashrc</strong>.</p>
</div></div>
</li><li id="cce_faq_00230__li2227201832114">Set the owner and group of the <strong id="cce_faq_00230__b45841507713">/etc/bashrc</strong> file and all files in <strong id="cce_faq_00230__b145842050478">/etc/profile.d/</strong> to <strong id="cce_faq_00230__b35842501710">root</strong>.</li><li id="cce_faq_00230__li19227918102116">Run the following command:<pre class="screen" id="cce_faq_00230__screen93401817192310">chown root:root $FILE</pre>
</li></ol>
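<p>The following script is an added example, not part of the original CCE documentation. It shows the directory mode that results from a given umask, and applies the steps above so that re-running the startup script does not append duplicate lines. The function names and the <em>prefix</em> argument are hypothetical, and <strong>0026</strong> is only one umask value that yields the <strong>751</strong> seen in the symptom; the page does not state which value Kubernetes used.</p>

```shell
#!/bin/sh
# Added example: names and the "prefix" argument are assumptions, not CCE code.

# Print the symbolic mode of a directory created under the given umask.
dir_mode_under_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        mkdir "$d/new"                 # created as 0777 & ~umask
        ls -ld "$d/new" | cut -c1-10   # e.g. drwx------
        rm -rf "$d"
    )
}

# Append "umask 0077" only when the file does not already contain that line.
ensure_umask_line() {
    grep -Eq '^[[:space:]]*umask[[:space:]]+0077[[:space:]]*$' "$1" 2>/dev/null ||
        echo "umask 0077" >> "$1"
}

# Apply the steps to /etc/bashrc and every file in /etc/profile.d/.
# prefix is "" on a real system, or a scratch directory when testing.
harden_umask() {
    prefix=$1
    for f in "$prefix/etc/bashrc" "$prefix"/etc/profile.d/*; do
        [ -f "$f" ] || continue
        ensure_umask_line "$f"
        # chown requires root, so it is skipped for an unprivileged test run
        if [ "$(id -u)" -eq 0 ]; then
            chown root:root "$f"
        fi
    done
}

# Demonstration only: compare the two directory modes from the symptom.
echo "umask 0077 -> $(dir_mode_under_umask 0077)"
echo "umask 0026 -> $(dir_mode_under_umask 0026)"
```

<p>Call <strong>harden_umask ""</strong> as root from the startup script to apply the change to the real files.</p>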
</div>
</div>