(docs) Recommend umask for passphrase file perms

The previous sample for creating a ~/.borg-passphrase file creates it first and then chmod's it to 400 permissions. That's probably fine in practice, but means there's a tiny window where the passphrase file is sitting with default permissions (likely world readable, depending on the system umask). It seems safer to first change the umask to remove all group & world bits (0077) _before_ creating the file. To be polite and avoid messing with the user's previous umask, we do this in a subshell. (Note that umask 0077 leads to a mode of 600 rather than the previous 400, because removing the owner write bit doesn't seem to buy much since the owner can just chmod the file anyway.)
2024-12-26 01:37:20 +00:00 · 2022-04-03 00:34:33 -05:00 · 2022-04-03 00:34:33 -05:00 · da07c36d6b
commit da07c36d6b
parent 22fc6d1bdd
1 changed files with 1 additions and 2 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -569,8 +569,7 @@ Using ``BORG_PASSCOMMAND`` with a properly permissioned file
  directory and use permissions to keep anyone else from reading it. For
  example, first create a key::

-    head -c 32 /dev/urandom | base64 -w 0 > ~/.borg-passphrase
-    chmod 400 ~/.borg-passphrase
+    (umask 0077; head -c 32 /dev/urandom | base64 -w 0 > ~/.borg-passphrase)

  Then in an automated script one can put::