Server-data-dir permissions

[dometto]

I am a bit puzzled by the permissions on the temporary directory created to be used as rservers' server-data-dir. The directory is initialized here. According to the tempfile docs...

the directory is readable, writable, and searchable only by the creating user ID.

However, when launching RStudio via jupyter-ression-proxy, I see that it has created a server-data-dir with the following permissions:

$ ls -l /tmp | grep tmpmkugxl8q
drwxrwxrwt. 4 testuser testuser 160 Nov 19 13:24 tmpmkugxl8q
$ ls -l /tmp/tmpmkugxl8q
total 76
-rw-------. 1 testuser testuser  4096 Nov 19 13:24 rstudio-os.sqlite
-rw-------. 1 testuser testuser 32768 Nov 19 13:24 rstudio-os.sqlite-shm
-rw-------. 1 testuser testuser 32992 Nov 19 13:24 rstudio-os.sqlite-wal
drwxrwxrwt. 2 testuser testuser    60 Nov 19 13:24 rstudio-rserver
drwxrwxrwt. 2 testuser testuser    40 Nov 19 13:24 rstudio-rsession
-rw-------. 1 testuser testuser    44 Nov 19 13:24 tmp5imqbvf8

So the data dir is readable for other users, and rserver is creating two directories in it that are world readable and writeable. Is this expected behavior? Is there anyway to lock this down?

[consideRatio]

Hmmm, is a subfolder readable if the parent folder isn't?

[consideRatio]

I think yes, if you know its path - and it can absolutely be known. So yes, I think this is an issue!

[dometto]

In this case the underlying directory is also accessible, see the permissions:

ls -l /tmp | grep tmpmkugxl8q
drwxrwxrwt. 4 testuser testuser 160 Nov 19 13:24 tmpmkugxl8q

[dometto]

Looks like rserver is changing the permissions:

$ mkdir /tmp/permission_test
$ chmod 700 /tmp/permission_test/
$ /usr/lib/rstudio-server/bin/rserver --server-data-dir /tmp/permission_test/
TTY detected. Printing informational message about logging configuration. Logging configuration loaded from '/etc/rstudio/logging.conf'. Logging to '/var/log/rstudio/rstudio-server/rserver.log'.
$ ls -l /tmp/ | grep permission
drwxrwxrwt. 3 rstudio-server rstudio-server    60 Nov 19 15:50 permission_test

[dometto]

Edit: this assumes a subfolder is not readable if the parent folder isn't

And looks like a workaround would be to create the directory inside of a second temporary directory:

$ mkdir -p /tmp/permission_test/test
$ chmod -R 700 /tmp/permission_test/
$ /usr/lib/rstudio-server/bin/rserver --server-data-dir /tmp/permission_test/test/
TTY detected. Printing informational message about logging configuration. Logging configuration loaded from '/etc/rstudio/logging.conf'. Logging to '/var/log/rstudio/rstudio-server/rserver.log'.
$ ls -l /tmp/permission_test/
total 0
drwxrwxrwt. 3 rstudio-server rstudio-server 60 Nov 19 15:53 test
$ ls -l /tmp/ | grep permission
drwx------. 3 root           root              60 Nov 19 15:53 permission_test