actions/config: ensure config file is created with mode 0644 (#152)

If the user has set a restrictive umask, e.g. 0077, then /etc/fscrypt.conf would be created without the world-readable bit set. Fix it by overriding the umask when creating the file. Resolves https://github.com/google/fscrypt/issues/151
author: ebiggers <ebiggers@google.com> 2019-10-23 22:18:45 -0700
committer: Joseph Richey <joerichey@google.com> 2019-10-23 22:18:45 -0700
commit: a5b805f03d5add8a1750f564bebf9f6eac035ec1 (patch)
tree: 45780fcfdb3a1dbff47fd0f648bc2f8277aaf306 /actions/config.go
parent: f819c93ef40851ddad0470a711c673c643e73ca6 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/actions/config.go b/actions/config.go
index 386edc4..7fdaf5b 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -31,6 +31,7 @@ import (
 	"golang.org/x/sys/unix"
 
 	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/filesystem"
 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
 )
@@ -68,7 +69,8 @@ var (
 func CreateConfigFile(target time.Duration, useLegacy bool) error {
 	// Create the config file before computing the hashing costs, so we fail
 	// immediately if the program has insufficient permissions.
-	configFile, err := os.OpenFile(ConfigFileLocation, createFlags, configPermissions)
+	configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation,
+		createFlags, configPermissions)
 	switch {
 	case os.IsExist(err):
 		return ErrConfigFileExists
author	ebiggers <ebiggers@google.com>	2019-10-23 22:18:45 -0700
committer	Joseph Richey <joerichey@google.com>	2019-10-23 22:18:45 -0700
commit	a5b805f03d5add8a1750f564bebf9f6eac035ec1 (patch)
tree	45780fcfdb3a1dbff47fd0f648bc2f8277aaf306 /actions/config.go
parent	f819c93ef40851ddad0470a711c673c643e73ca6 (diff)