mirror of https://github.com/borgbackup/borg.git
Merge pull request #5226 from ThomasWaldmann/server-enforces-umask
--umask is for the local borg process only, fixes #4947
This commit is contained in:
commit
7033d5054f
|
@ -84,12 +84,19 @@ use this option also for speeding up operations.
|
|||
``--umask``
|
||||
~~~~~~~~~~~
|
||||
|
||||
If you use ``--umask``, make sure that all repository-modifying borg commands
|
||||
(create, delete, prune) that access the repository in question use the same
|
||||
``--umask`` value.
|
||||
borg uses a safe default umask of 077 (that means the files borg creates have
|
||||
only permissions for owner, but no permissions for group and others) - so there
|
||||
should rarely be a need to change the default behaviour.
|
||||
|
||||
If multiple machines access the same repository, this should hold true for all
|
||||
of them.
|
||||
This option only affects the process to which it is given. Thus, when you run
|
||||
borg in client/server mode and you want to change the behaviour on the server
|
||||
side, you need to use ``borg serve --umask=XXX ...`` as a ssh forced command
|
||||
in ``authorized_keys``. The ``--umask`` value given on the client side is
|
||||
**not** transferred to the server side.
|
||||
|
||||
Also, if you choose to use the ``--umask`` option, always be consistent and use
|
||||
the same umask value so you do not create a mixup of permissions in a borg
|
||||
repository or with other files borg creates.
|
||||
|
||||
``--read-special``
|
||||
~~~~~~~~~~~~~~~~~~
|
||||
|
|
|
@ -2617,7 +2617,7 @@ class Archiver:
|
|||
add_common_option('--show-rc', dest='show_rc', action='store_true',
|
||||
help='show/log the return code (rc)')
|
||||
add_common_option('--umask', metavar='M', dest='umask', type=lambda s: int(s, 8), default=UMASK_DEFAULT,
|
||||
help='set umask to M (local and remote, default: %(default)04o)')
|
||||
help='set umask to M (local only, default: %(default)04o)')
|
||||
add_common_option('--remote-path', metavar='PATH', dest='remote_path',
|
||||
help='use PATH as borg executable on the remote (default: "borg")')
|
||||
add_common_option('--remote-ratelimit', metavar='RATE', dest='remote_ratelimit', type=int,
|
||||
|
@ -4422,12 +4422,12 @@ class Archiver:
|
|||
'restrict_to_repositories',
|
||||
'append_only',
|
||||
'storage_quota',
|
||||
'umask',
|
||||
}
|
||||
whitelist = {
|
||||
'debug_topics',
|
||||
'lock_wait',
|
||||
'log_level',
|
||||
'umask',
|
||||
}
|
||||
not_present = object()
|
||||
for attr_name in whitelist:
|
||||
|
|
|
@ -647,7 +647,6 @@ This problem will go away as soon as the server has been upgraded to 1.0.7+.
|
|||
# give some args/options to 'borg serve' process as they were given to us
|
||||
opts = []
|
||||
if args is not None:
|
||||
opts.append('--umask=%03o' % args.umask)
|
||||
root_logger = logging.getLogger()
|
||||
if root_logger.isEnabledFor(logging.DEBUG):
|
||||
opts.append('--debug')
|
||||
|
|
|
@ -3833,8 +3833,8 @@ def test_get_args():
|
|||
# everything normal:
|
||||
# first param is argv as produced by ssh forced command,
|
||||
# second param is like from SSH_ORIGINAL_COMMAND env variable
|
||||
args = archiver.get_args(['borg', 'serve', '--restrict-to-path=/p1', '--restrict-to-path=/p2', ],
|
||||
'borg serve --info --umask=0027')
|
||||
args = archiver.get_args(['borg', 'serve', '--umask=0027', '--restrict-to-path=/p1', '--restrict-to-path=/p2', ],
|
||||
'borg serve --info')
|
||||
assert args.func == archiver.do_serve
|
||||
assert args.restrict_to_paths == ['/p1', '/p2']
|
||||
assert args.umask == 0o027
|
||||
|
|
|
@ -885,17 +885,17 @@ class RemoteRepositoryTestCase(RepositoryTestCase):
|
|||
# XXX without next line we get spurious test fails when using pytest-xdist, root cause unknown:
|
||||
logging.getLogger().setLevel(logging.INFO)
|
||||
# note: test logger is on info log level, so --info gets added automagically
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--umask=077', '--info']
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--info']
|
||||
args.remote_path = 'borg-0.28.2'
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg-0.28.2', 'serve', '--umask=077', '--info']
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg-0.28.2', 'serve', '--info']
|
||||
args.debug_topics = ['something_client_side', 'repository_compaction']
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg-0.28.2', 'serve', '--umask=077', '--info',
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg-0.28.2', 'serve', '--info',
|
||||
'--debug-topic=borg.debug.repository_compaction']
|
||||
args = self._get_mock_args()
|
||||
args.storage_quota = 0
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--umask=077', '--info']
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--info']
|
||||
args.storage_quota = 314159265
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--umask=077', '--info',
|
||||
assert self.repository.borg_cmd(args, testing=False) == ['borg', 'serve', '--info',
|
||||
'--storage-quota=314159265']
|
||||
args.rsh = 'ssh -i foo'
|
||||
self.repository._args = args
|
||||
|
|
Loading…
Reference in New Issue