public-inbox-init: honor umask when creating config file

Creating config 0600 disregarding umask breaks scenarios where daemons
run with credentials different from config owner (but need to read the
config).

File::Temp defaults to 0600, which is unsuitable for the
recommended/typical scenario of daemons running unprivileged and with
UID different from $PI_CONFIG owner, as the deamons need to read
$PI_CONFIG.

Respecting umask might end up creating world-unreadable config, too,
but for people who use such umask that's expected behavior.

diff --git a/script/public-inbox-init b/script/public-inbox-init
index 5de4578158fb19412ade85ae534cab27fba1d4e6..b3a16cfbf69d6f6bc21d64597dcef7a552e546cb 100755 (executable)
--- a/script/public-inbox-init
+++ b/script/public-inbox-init
@@ -1,5 +1,5 @@
 #!perl -w
-# Copyright (C) 2014-2021 all contributors <meta@public-inbox.org>
+# Copyright (C) all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 use strict;
 use v5.10.1;
@@ -122,7 +122,8 @@ sysopen($lockfh, $lockfile, O_RDWR|O_CREAT|O_EXCL) or do {
 };
 require PublicInbox::OnDestroy;
 my $auto_unlink = PublicInbox::OnDestroy->new($$, sub { unlink $lockfile });
-my ($perm, %seen);
+my $perm = 0644 & ~umask;
+my %seen;
 if (-e $pi_config) {
        open(my $oh, '<', $pi_config) or die "unable to read $pi_config: $!\n";
        my @st = stat($oh);
@@ -219,7 +220,7 @@ if (sysopen $fh, $f, O_CREAT|O_EXCL|O_WRONLY) {
 }
 
 # needed for git prior to v2.1.0
-umask(0077) if defined $perm;
+umask(0077);
 
 require PublicInbox::Spawn;
 PublicInbox::Spawn->import(qw(run_die));
@@ -246,10 +247,8 @@ for my $kv (@c_extra) {
 }
 
 # needed for git prior to v2.1.0
-if (defined $perm) {
-       chmod($perm & 07777, $pi_config_tmp) or
-                       die "(f)chmod failed on future $pi_config: $!\n";
-}
+chmod($perm & 07777, $pi_config_tmp) or
+       die "(f)chmod failed on future $pi_config: $!\n";
 
 rename $pi_config_tmp, $pi_config or
        die "failed to rename `$pi_config_tmp' to `$pi_config': $!\n";

diff --git a/t/init.t b/t/init.t
index 0096ca30796249f9ea7d006d98a623a679202f03..82a2a4436261b29191a79cdb872f5ac375063e4c 100644 (file)
--- a/t/init.t
+++ b/t/init.t
@@ -19,7 +19,11 @@ sub quiet_fail {
        my $cfgfile = "$ENV{PI_DIR}/config";
        my $cmd = [ '-init', 'blist', "$tmpdir/blist",
                   qw(http://example.com/blist blist@example.com) ];
+       my $umask = umask(070) // xbail "umask: $!";
        ok(run_script($cmd), 'public-inbox-init OK');
+       umask($umask) // xbail "umask: $!";
+       my $mode = (stat($cfgfile))[2];
+       is(sprintf('0%03o', $mode & 0777), '0604', 'config respects umask');
 
        is(read_indexlevel('blist'), '', 'indexlevel unset by default');