set more restricted permissions for store

[lukas016]

Summary

Using 0777 and 0666 permissions aren't best practice. Main problem is everybody can edit folders or files, what can create unexpected problems for us and it is security risk.

I recommend change it to 0750 for folder and 0640 for file.

0750 for folder can be maybe problematic for libvirt daemon.

Pls fix return of error in set function in the issue: https://github.com/ironcore-dev/libvirt-provider/blob/main/pkg/host/store.go#L238

Motivation

Better security.

[so-sahu]

I would also suggest defining two exported constants and using them universally instead of having individual constants scattered throughout the packages at the package level. This can make it easier to maintain and update constants in the future.

[lukas016]

I would also suggest defining two exported constants and using them universally instead of having individual constants scattered throughout the packages at the package level. This can make it easier to maintain and update constants in the future.

I don't think it is possible, it always will depend on use-cases. I don't want to push use only one specific permissions. It can be problematic.

[so-sahu]

If the same permissions are used in multiple places, wouldn't it make sense to centralize them in one location and then reference them elsewhere?

[lukas016]

Depends on folder structure. If you create one package for constants, it can be use. But using of constants from multiple packages cross whole project can be problematic because you cannot create cycle dependency between packages.

And when we create one package for constants it will ideally put every constants into this package what i don't recommend do in this Issue and create follow up issue for that.