storage: use 0711 as the default perms for dirs

There should be no need to make dir based pools world/group readable.
So use 0711, not 0755, as the default perms for storage dirs.

Updates in v2:
 - adapt commit wording to mention dropping group readable as well

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in
index 225e190002acb88777872520c783f0459da07a22..4946ddf708b9b9ded8ad945f11ea7676ef7715f9 100644 (file)
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -444,7 +444,7 @@
         namespace. It provides information about the permissions to use for the
         final directory when the pool is built. There are 4 child elements.
         The <code>mode</code> element contains the octal permission set.
-        The <code>mode</code> defaults to 0755 when not provided.
+        The <code>mode</code> defaults to 0711 when not provided.
         The <code>owner</code> element contains the numeric user ID.
         The <code>group</code> element contains the numeric group ID.
         If <code>owner</code> or <code>group</code> aren't specified when

diff --git a/src/storage/storage_util.h b/src/storage/storage_util.h
index a05c35d81b3ed2450259c560b903972f83228003..6f2a1b189e1d1c87baa980c38696e3e76e6b8f8a 100644 (file)
--- a/src/storage/storage_util.h
+++ b/src/storage/storage_util.h
@@ -138,7 +138,7 @@ int virStorageBackendVolOpen(const char *path, struct stat *sb,
     ATTRIBUTE_RETURN_CHECK
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
 
-# define VIR_STORAGE_DEFAULT_POOL_PERM_MODE 0755
+# define VIR_STORAGE_DEFAULT_POOL_PERM_MODE 0711
 # define VIR_STORAGE_DEFAULT_VOL_PERM_MODE  0600
 
 int virStorageBackendUpdateVolInfo(virStorageVolDefPtr vol,