From 49e1fc8c31458387c5f29a70c08c7b75924a312c Mon Sep 17 00:00:00 2001
From: Vladimir Stoilov
Date: Wed, 15 Jan 2025 11:43:14 +0200
Subject: [PATCH] [service] Ensure pemission for all directories
---
 service/instance.go | 4 ++--
 service/updates/downloader.go | 6 ++++--
 spn/instance.go | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/service/instance.go b/service/instance.go
index 4f3967e5..c71f6388 100644
--- a/service/instance.go
+++ b/service/instance.go
@@ -3,7 +3,6 @@ package service
 import (
 "context"
 "fmt"
- "os"
 "sync/atomic"
 "time"
@@ -14,6 +13,7 @@ import (
 "github.com/safing/portmaster/base/notifications"
 "github.com/safing/portmaster/base/rng"
 "github.com/safing/portmaster/base/runtime"
+ "github.com/safing/portmaster/base/utils"
 "github.com/safing/portmaster/service/broadcasts"
 "github.com/safing/portmaster/service/compat"
 "github.com/safing/portmaster/service/core"
@@ -123,7 +123,7 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx
 }
 // Make sure data dir exists, so that child directories don't dictate the permissions.
- err = os.MkdirAll(svcCfg.DataDir, 0o0755)
+ err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
 if err != nil {
 return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
 }
diff --git a/service/updates/downloader.go b/service/updates/downloader.go
index c87d92d9..acc94292 100644
--- a/service/updates/downloader.go
+++ b/service/updates/downloader.go
@@ -38,7 +38,7 @@ func NewDownloader(u *Updater, indexURLs []string) *Downloader {
 func (d *Downloader) updateIndex(ctx context.Context) error {
 // Make sure dir exists.
- err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission())
+ err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
 if err != nil {
 return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
 }
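Review bot: In service/instance.go, the comment above the new `utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)` call in New still describes only creating the directory, although the call now names a permission level that is meant to hold for it. EnsureDirectory itself is not part of this patch, so whether it changes the mode of a directory that already exists cannot be confirmed from here; since DataDir comes from the service configuration, the comment should state this. Something like `// Make sure data dir exists and has public read/exec permission, so that child directories don't dictate the permissions.` would do, and the identical block in spn/instance.go (hunk at -88) needs the same wording. New's body continues outside both hunks.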
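Review bot: The error returned by `utils.EnsureDirectory` in updateIndex is dropped, because the `fmt.Errorf` on the line after the check formats only the path and never includes `err`. A failure to create the directory and a failure to apply its permissions (if EnsureDirectory does both, as the commit title suggests) then look identical to the caller and in the logs. Wrap the cause instead: `return fmt.Errorf("create download directory %s: %w", d.u.cfg.DownloadDirectory, err)`. The same block in downloadArtifacts (hunk at -131) has the same problem; both function bodies continue outside their hunks.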
@@ -131,7 +131,7 @@ func (d *Downloader) gatherExistingFiles(dir string) error {
 func (d *Downloader) downloadArtifacts(ctx context.Context) error {
 // Make sure dir exists.
- err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission())
+ err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
 if err != nil {
 return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
 }
@@ -182,6 +182,8 @@ artifacts:
 return fmt.Errorf("write %s to temp file: %w", artifact.Filename, err)
 }
+ _ = utils.SetFilePermission(tmpFilename, artifact.GetFileMode())
+
 // Rename/Move to actual location.
 err = os.Rename(tmpFilename, dstFilePath)
 if err != nil {
diff --git a/spn/instance.go b/spn/instance.go
index 33af8ea5..e8fa1789 100644
--- a/spn/instance.go
+++ b/spn/instance.go
@@ -3,7 +3,6 @@ package spn
 import (
 "context"
 "fmt"
- "os"
 "sync/atomic"
 "time"
@@ -14,6 +13,7 @@ import (
 "github.com/safing/portmaster/base/notifications"
 "github.com/safing/portmaster/base/rng"
 "github.com/safing/portmaster/base/runtime"
+ "github.com/safing/portmaster/base/utils"
 "github.com/safing/portmaster/service"
 "github.com/safing/portmaster/service/core"
 "github.com/safing/portmaster/service/core/base"
@@ -88,7 +88,7 @@ func New(svcCfg *service.ServiceConfig) (*Instance, error) {
 }
 // Make sure data dir exists, so that child directories don't dictate the permissions.
- err = os.MkdirAll(svcCfg.DataDir, 0o0755)
+ err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
 if err != nil {
 return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
 }
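Review bot: The result of `utils.SetFilePermission(tmpFilename, artifact.GetFileMode())` in downloadArtifacts is discarded with `_ =`, so if the call fails the artifact is still renamed into place with whatever mode the temp file was created with. For downloaded update artifacts this means a file can silently end up with permissions other than the intended ones. Assuming the function returns an error, as the `_ =` suggests, handle it like the write step above: `if err := utils.SetFilePermission(tmpFilename, artifact.GetFileMode()); err != nil { return fmt.Errorf("set permissions on %s: %w", artifact.Filename, err) }`. If best-effort is intended, say so in a comment and log the failure. The `artifacts:` loop starts and ends outside the hunk.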