Description
Environmental Info:
K3s Version:
v1.31.4+k3s1
Node(s) CPU architecture, OS, and Version:
Red Hat Enterprise Linux release 8.10 (Ootpa)
Cluster Configuration:
1 master, 4 workers
Describe the bug:
When creating a PVC using a StorageClass managed by the nfs-client-provisioner, the resulting volumes are created with 777 permissions. This can be a security issue, as it allows full access to any user.
Steps To Reproduce:
- Create a StorageClass that uses the nfs-client-provisioner.
- Create a PVC that uses the StorageClass created in step 1.
- Verify the permissions of the created volume.
Expected behavior:
The permissions of the created volume should be more restrictive and not 777.
Actual behavior:
The created volume has 777 permissions, allowing full access to any system user.
Additional context / logs:
Example command to verify permissions:
sudo find / -perm -007 \( -type f -o -type d \) -ls
Example output:
7995808 4 drwxrwxrwx 2 root root 4096 Jun 14 2024 /opt/mnt/shared/k3s/postgres-pvc-dd6ae9b7-13bb-47ca-a116-04233b1a7e5c
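
A narrower form of the check above, added here as an example and not part of the original report or of k3s or the provisioner: it audits only the first-level volume directories under one export root instead of scanning `/`. The function names and the export-root argument are assumptions. It flags any directory with the "other" write bit set, which covers 777 as well as modes such as 773.

```shell
#!/bin/sh
# Added example: audit provisioner-created volume directories under one root.
# Assumption: the export root (e.g. the NFS share mount point) is passed as $1.
# Function names are hypothetical. Requires GNU find and GNU stat (as on RHEL).

# Print "mode owner:group path" for every first-level directory under $1
# that is writable by "other" (o+w), sorted by path.
list_world_writable_pv_dirs() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -xdev: stay on this filesystem; -perm -0002: "other" write bit is set.
    find "$1" -xdev -mindepth 1 -maxdepth 1 -type d -perm -0002 \
        -exec stat -c '%a %U:%G %n' {} + | sort -k3
}

# Print how many such directories exist (0 means the root is clean).
count_world_writable_pv_dirs() {
    list_world_writable_pv_dirs "$1" | wc -l | tr -d ' '
}

# When called with an export root, list the findings and exit non-zero
# if any exist, so the script can gate a cron job or CI step.
if [ "$#" -ge 1 ]; then
    list_world_writable_pv_dirs "$1"
    [ "$(count_world_writable_pv_dirs "$1")" -eq 0 ]
fi
```
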