* [PATCH 2/2] public-inbox-init: honor umask when creating config file
@ 2023-08-28 10:45 7% ` Štěpán Němec
0 siblings, 0 replies; 1+ results
From: Štěpán Němec @ 2023-08-28 10:45 UTC (permalink / raw)
To: meta
File::Temp defaults to 0600, which is unsuitable for the
recommended/typical scenario of daemons running unprivileged and with
UID different from $PI_CONFIG owner, as the deamons need to read
$PI_CONFIG.
Respecting umask might end up creating world-unreadable config, too,
but for people who use such umask that's expected behavior.
---
script/public-inbox-init | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/script/public-inbox-init b/script/public-inbox-init
index 5de4578158fb..b3a16cfbf69d 100755
--- a/script/public-inbox-init
+++ b/script/public-inbox-init
@@ -1,5 +1,5 @@
#!perl -w
-# Copyright (C) 2014-2021 all contributors <meta@public-inbox.org>
+# Copyright (C) all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
use strict;
use v5.10.1;
@@ -122,7 +122,8 @@ sysopen($lockfh, $lockfile, O_RDWR|O_CREAT|O_EXCL) or do {
};
require PublicInbox::OnDestroy;
my $auto_unlink = PublicInbox::OnDestroy->new($$, sub { unlink $lockfile });
-my ($perm, %seen);
+my $perm = 0644 & ~umask;
+my %seen;
if (-e $pi_config) {
open(my $oh, '<', $pi_config) or die "unable to read $pi_config: $!\n";
my @st = stat($oh);
@@ -219,7 +220,7 @@ if (sysopen $fh, $f, O_CREAT|O_EXCL|O_WRONLY) {
}
# needed for git prior to v2.1.0
-umask(0077) if defined $perm;
+umask(0077);
require PublicInbox::Spawn;
PublicInbox::Spawn->import(qw(run_die));
@@ -246,10 +247,8 @@ for my $kv (@c_extra) {
}
# needed for git prior to v2.1.0
-if (defined $perm) {
- chmod($perm & 07777, $pi_config_tmp) or
- die "(f)chmod failed on future $pi_config: $!\n";
-}
+chmod($perm & 07777, $pi_config_tmp) or
+ die "(f)chmod failed on future $pi_config: $!\n";
rename $pi_config_tmp, $pi_config or
die "failed to rename `$pi_config_tmp' to `$pi_config': $!\n";
--
2.42.0
^ permalink raw reply related [relevance 7%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2023-08-28 10:45 [PATCH 1/2] t/init.t: test newly created config permissions Štěpán Němec
2023-08-28 10:45 7% ` [PATCH 2/2] public-inbox-init: honor umask when creating config file Štěpán Němec
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).