From dd0ae1e48dd3e9243b3b4752f2cf16a069b98292 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Fri, 4 Mar 2022 21:21:46 +0100 Subject: [PATCH] ensure_dir: respect umask for created directory modes, fixes #6400 we tried to be very private / secure here, but that created the issue that a less secure umask (like e.g. 0o007) just did not work. to make the umask work, we must start from 0o777 mode and let the umask do its work, like e.g. 0o777 & ~0o007 --> 0o770. with borg's default umask of 0o077, it usually ends up being 0o700, so only permissions for the user (not group, not others). --- src/borg/helpers/fs.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/borg/helpers/fs.py b/src/borg/helpers/fs.py index a2ac49876..d1a412da0 100644 --- a/src/borg/helpers/fs.py +++ b/src/borg/helpers/fs.py @@ -21,12 +21,12 @@ py_37_plus = sys.version_info >= (3, 7) -def ensure_dir(path, mode=stat.S_IRWXU, pretty_deadly=True): +def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True): """ Ensures that the dir exists with the right permissions. 1) Make sure the directory exists in a race-free operation 2) If mode is not None and the directory has been created, give the right - permissions to the leaf directory + permissions to the leaf directory. The current umask value is masked out first. 3) If pretty_deadly is True, catch exceptions, reraise them with a pretty message. Returns if the directory has been created and has the right permissions,