From f5a47d86e3177b3cfceaea4aaa313d62bb3e78ec Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Fri, 4 Mar 2022 21:21:46 +0100 Subject: [PATCH] ensure_dir: respect umask for created directory modes, fixes #6400 we tried to be very private / secure here, but that created the issue that a less secure umask (like e.g. 0o007) just did not work. to make the umask work, we must start from 0o777 mode and let the umask do its work, like e.g. 0o777 & ~0o007 --> 0o770. with borg's default umask of 0o077, it usually ends up being 0o700, so only permissions for the user (not group, not others). --- src/borg/helpers/fs.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/borg/helpers/fs.py b/src/borg/helpers/fs.py index a2ac49876..d1a412da0 100644 --- a/src/borg/helpers/fs.py +++ b/src/borg/helpers/fs.py @@ -21,12 +21,12 @@ logger = create_logger() py_37_plus = sys.version_info >= (3, 7) -def ensure_dir(path, mode=stat.S_IRWXU, pretty_deadly=True): +def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True): """ Ensures that the dir exists with the right permissions. 1) Make sure the directory exists in a race-free operation 2) If mode is not None and the directory has been created, give the right - permissions to the leaf directory + permissions to the leaf directory. The current umask value is masked out first. 3) If pretty_deadly is True, catch exceptions, reraise them with a pretty message. Returns if the directory has been created and has the right permissions,