Better workaround for problem umasks when eg, setting up ssh keys.
This commit is contained in:
Joey Hess
parent
8602a766f7
commit
b7b9afa9ad
3 changed files with 26 additions and 9 deletions
|
|
@ -99,13 +99,20 @@ noUmask :: FileMode -> IO a -> IO a
|
|||
#ifndef mingw32_HOST_OS
|
||||
noUmask mode a
|
||||
| mode == stdFileMode = a
|
||||
| otherwise = bracket setup cleanup go
|
||||
| otherwise = withUmask nullFileMode a
|
||||
#else
|
||||
noUmask _ a = a
|
||||
#endif
|
||||
|
||||
withUmask :: FileMode -> IO a -> IO a
|
||||
#ifndef mingw32_HOST_OS
|
||||
withUmask umask a = bracket setup cleanup go
|
||||
where
|
||||
setup = setFileCreationMask nullFileMode
|
||||
setup = setFileCreationMask umask
|
||||
cleanup = setFileCreationMask
|
||||
go _ = a
|
||||
#else
|
||||
noUmask _ a = a
|
||||
withUmask _ a = a
|
||||
#endif
|
||||
|
||||
combineModes :: [FileMode] -> FileMode
|
||||
|
|
@ -127,14 +134,20 @@ setSticky f = modifyFileMode f $ addModes [stickyMode]
|
|||
#endif
|
||||
|
||||
{- Writes a file, ensuring that its modes do not allow it to be read
|
||||
- by anyone other than the current user, before any content is written.
|
||||
- or written by anyone other than the current user,
|
||||
- before any content is written.
|
||||
-
|
||||
- When possible, this is done using the umask.
|
||||
-
|
||||
- On a filesystem that does not support file permissions, this is the same
|
||||
- as writeFile.
|
||||
-}
|
||||
writeFileProtected :: FilePath -> String -> IO ()
|
||||
writeFileProtected file content = withFile file WriteMode $ \h -> do
|
||||
void $ tryIO $
|
||||
modifyFileMode file $
|
||||
removeModes [groupReadMode, otherReadMode]
|
||||
hPutStr h content
|
||||
writeFileProtected file content = withUmask 0o0077 $
|
||||
withFile file WriteMode $ \h -> do
|
||||
void $ tryIO $ modifyFileMode file $
|
||||
removeModes
|
||||
[ groupReadMode, otherReadMode
|
||||
, groupWriteMode, otherWriteMode
|
||||
]
|
||||
hPutStr h content
|
||||
|
|
|
|||
1
debian/changelog
vendored
1
debian/changelog
vendored
|
|
@ -16,6 +16,7 @@ git-annex (5.20140307) UNRELEASED; urgency=medium
|
|||
(So will --in=)
|
||||
* Fix ssh connection caching stop method to work with openssh 6.5p1,
|
||||
which broke the old method.
|
||||
* Better workaround for problem umasks when eg, setting up ssh keys.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Thu, 06 Mar 2014 16:17:01 -0400
|
||||
|
||||
|
|
|
|||
|
|
@ -57,3 +57,6 @@ bad permissions: ignore key: ABC/.ssh/git-annex/key.git-annex-XYZ_annex
|
|||
|
||||
# End of transcript or log.
|
||||
"""]]
|
||||
|
||||
> [[Fixed|done]]; the code made sure the file did not have any group or
|
||||
> world read bits, but did not clear write bits. --[[Joey]]
|
||||
|
|
|
|||
Loading…
Reference in a new issue