Issue 38: bosh agent resets /tmp dir access to 0770 on restart
Jan Zimbehl
Hello Team,
For your awareness, I was just creating a new issue: https://github.com/cloudfoundry/bosh-agent/issues/38

Hello Team,

we are facing issues with insufficient access rights on /tmp, which are set to 0770 by default, and 0700 on /var/tmp.

We figured out that the following line calls a function that sets the access to /tmp to 0770:
https://github.com/cloudfoundry/bosh-agent/blob/master/platform/linux_platform.go#L663

    func (p linux) changeTmpDirPermissions(path string) error {
        _, _, _, err := p.cmdRunner.RunCommand("chown", "root:vcap", path)
        if err != nil {
            return bosherr.WrapErrorf(err, "chown %s", path)
        }

        _, _, _, err = p.cmdRunner.RunCommand("chmod", "0770", path)
        if err != nil {
            return bosherr.WrapErrorf(err, "chmod %s", path)
        }

        return nil
    }

Many system-related tasks require 1777 access to /tmp though, e.g. we are using them for our DB backup jobs or also for running ssh-agent.

Could you please clarify what the rationale behind the decision is to have the access settings on 770 for /tmp, and also in what cases they are automatically being reset except for restarts?

We were just facing issues that hundreds of our VMs had access rights reset for /tmp to 770 and we are tapping in the dark what has caused this (in this case certainly not a restart).

Thanks!

Kind regards,

Jan Zimbehl
Software Engineer - IBM BlueMix Ops Engineering
Project Management Professional, ITIL v3, MSc
Phone: +1-905-413-3439
Email: jan(a)ca.ibm.com
IBM Canada Ltd.
8200 Warden Avenue
Markham, L3R 5Y6
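An added example, not part of the original post and not bosh-agent code: a small Go audit that reports the octal mode of /tmp and /var/tmp and classifies it, so a fleet-wide check can flag VMs where the directory has moved from 1777 to a restricted mode such as 0770. The function names and classification labels are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
)

// Labels are this example's own names, not bosh-agent terms.
const (
	TmpStandard   = "standard"                 // 1777: world-writable with sticky bit
	TmpRestricted = "restricted"               // no access for "other", e.g. 0770 or 0700
	TmpUnsafe     = "world-writable-no-sticky" // users can remove each other's files
	TmpOther      = "nonstandard"
)

// ClassifyTmpMode maps a directory mode to one of the labels above.
func ClassifyTmpMode(m os.FileMode) string {
	perm, sticky := m.Perm(), m&os.ModeSticky != 0
	switch {
	case perm == 0777 && sticky:
		return TmpStandard
	case perm&0002 != 0 && !sticky:
		return TmpUnsafe
	case perm&0007 == 0:
		return TmpRestricted
	}
	return TmpOther
}

// AuditTmpDir stats path and returns its octal mode (sticky bit included) and label.
func AuditTmpDir(path string) (string, string, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return "", "", fmt.Errorf("stat %s: %w", path, err)
	}
	m := fi.Mode()
	octal := uint32(m.Perm())
	if m&os.ModeSticky != 0 {
		octal |= 01000 // os.FileMode keeps the sticky bit outside Perm()
	}
	return fmt.Sprintf("%04o", octal), ClassifyTmpMode(m), nil
}

func main() {
	for _, p := range []string{"/tmp", "/var/tmp"} {
		mode, class, err := AuditTmpDir(p)
		fmt.Printf("%s mode=%s class=%s err=%v\n", p, mode, class, err)
	}
}
```

Run periodically and logged with a timestamp, the output narrows down when a mode change happened on a given VM.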