actions/config: ensure config file is created with mode 0644 (#152)

If the user has set a restrictive umask, e.g. 0077, then /etc/fscrypt.conf would be created without the world-readable bit set. Fix it by overriding the umask when creating the file. Resolves https://github.com/google/fscrypt/issues/151
author: ebiggers <ebiggers@google.com> 2019-10-23 22:18:45 -0700
committer: Joseph Richey <joerichey@google.com> 2019-10-23 22:18:45 -0700
commit: a5b805f03d5add8a1750f564bebf9f6eac035ec1 (patch)
tree: 45780fcfdb3a1dbff47fd0f648bc2f8277aaf306 /filesystem/path.go
parent: f819c93ef40851ddad0470a711c673c643e73ca6 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/filesystem/path.go b/filesystem/path.go
index 5fd3fdf..cfc3dc0 100644
--- a/filesystem/path.go
+++ b/filesystem/path.go
@@ -24,9 +24,19 @@ import (
 	"os"
 	"path/filepath"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/pkg/errors"
 )
 
+// OpenFileOverridingUmask calls os.OpenFile but with the umask overridden so
+// that no permission bits are masked out if the file is created.
+func OpenFileOverridingUmask(name string, flag int, perm os.FileMode) (*os.File, error) {
+	oldMask := unix.Umask(0)
+	defer unix.Umask(oldMask)
+	return os.OpenFile(name, flag, perm)
+}
+
 // We only check the unix permissions and the sticky bit
 const permMask = os.ModeSticky | os.ModePerm
author	ebiggers <ebiggers@google.com>	2019-10-23 22:18:45 -0700
committer	Joseph Richey <joerichey@google.com>	2019-10-23 22:18:45 -0700
commit	a5b805f03d5add8a1750f564bebf9f6eac035ec1 (patch)
tree	45780fcfdb3a1dbff47fd0f648bc2f8277aaf306 /filesystem/path.go
parent	f819c93ef40851ddad0470a711c673c643e73ca6 (diff)