From: Štěpán Němec Date: Mon, 28 Aug 2023 10:45:13 +0000 (+0200) Subject: public-inbox-init: honor umask when creating config file X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd0dc6ad0391f811f5248d83538a2eef8f74de95;p=thirdparty%2Fpublic-inbox.git public-inbox-init: honor umask when creating config file Creating config 0600 disregarding umask breaks scenarios where daemons run with credentials different from config owner (but need to read the config). File::Temp defaults to 0600, which is unsuitable for the recommended/typical scenario of daemons running unprivileged and with UID different from $PI_CONFIG owner, as the deamons need to read $PI_CONFIG. Respecting umask might end up creating world-unreadable config, too, but for people who use such umask that's expected behavior.
---
diff --git a/script/public-inbox-init b/script/public-inbox-init
index 5de457815..b3a16cfbf 100755
--- a/script/public-inbox-init
+++ b/script/public-inbox-init
@@ -1,5 +1,5 @@
 #!perl -w
-# Copyright (C) 2014-2021 all contributors
+# Copyright (C) all contributors
 # License: AGPL-3.0+
 use strict;
 use v5.10.1;
@@ -122,7 +122,8 @@ sysopen($lockfh, $lockfile, O_RDWR|O_CREAT|O_EXCL) or do {
 };
 require PublicInbox::OnDestroy;
 my $auto_unlink = PublicInbox::OnDestroy->new($$, sub { unlink $lockfile });
-my ($perm, %seen);
+my $perm = 0644 & ~umask;
+my %seen;
 if (-e $pi_config) {
 open(my $oh, '<', $pi_config) or die "unable to read $pi_config: $!\n";
 my @st = stat($oh);
@@ -219,7 +220,7 @@ if (sysopen $fh, $f, O_CREAT|O_EXCL|O_WRONLY) {
 }
 # needed for git prior to v2.1.0
-umask(0077) if defined $perm;
+umask(0077);
 require PublicInbox::Spawn;
 PublicInbox::Spawn->import(qw(run_die));
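Review bot: The new default at `my $perm = 0644 & ~umask;` makes a freshly created config group- and world-readable under a common 022 umask, where the commit message says it used to be 0600, and nothing at that line records the choice. I would add a comment there, e.g. `# new config: 0644 masked by the caller's umask so daemons under another UID can read it; run with umask 077 to keep it private`, so that anyone who later stores sensitive settings in this file knows the mode is deliberate. The `if (-e $pi_config)` block that follows continues outside the hunk and presumably still replaces `$perm` with the existing file's mode; if so, the comment should also say that an existing config keeps its permissions.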
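Review bot: With `umask(0077);` now unconditional, the `0644 & ~umask` computed in the previous hunk is only correct because it is evaluated before this line; moving the `$perm` assignment below it would silently produce 0600 again. The existing comment mentions only old git versions, so I would extend it with `# $perm was derived from the caller's umask above; keep that assignment ahead of this call`. The surrounding statements run past the hunk on both sides, so this is based only on the visible lines.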
@@ -246,10 +247,8 @@ for my $kv (@c_extra) {
 }
 # needed for git prior to v2.1.0
-if (defined $perm) {
- chmod($perm & 07777, $pi_config_tmp) or
- die "(f)chmod failed on future $pi_config: $!\n";
-}
+chmod($perm & 07777, $pi_config_tmp) or
+ die "(f)chmod failed on future $pi_config: $!\n";
 rename $pi_config_tmp, $pi_config or die "failed to rename `$pi_config_tmp' to `$pi_config': $!\n";
diff --git a/t/init.t b/t/init.t
index 0096ca307..82a2a4436 100644
--- a/t/init.t
+++ b/t/init.t
@@ -19,7 +19,11 @@ sub quiet_fail {
 my $cfgfile = "$ENV{PI_DIR}/config";
 my $cmd = [ '-init', 'blist', "$tmpdir/blist", qw(http://example.com/blist blist@example.com) ];
+ my $umask = umask(070) // xbail "umask: $!";
 ok(run_script($cmd), 'public-inbox-init OK');
+ umask($umask) // xbail "umask: $!";
+ my $mode = (stat($cfgfile))[2];
+ is(sprintf('0%03o', $mode & 0777), '0604', 'config respects umask');
 is(read_indexlevel('blist'), '', 'indexlevel unset by default');