summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2011-08-01 20:52:18 +0200
committerLennart Poettering <lennart@poettering.net>2011-08-01 20:52:18 +0200
commit4c12626c8e3491570b395d68380543e10c98ad33 (patch)
tree6cc39f5ee23aa41accc1baffb7db5a7444859fce
parent07f8a4aa49a84ec61513788d5ddf521f3de5a0ba (diff)
umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal
-rw-r--r--src/binfmt.c2
-rw-r--r--src/cryptsetup-generator.c2
-rw-r--r--src/cryptsetup.c2
-rw-r--r--src/execute.c2
-rw-r--r--src/fsck.c2
-rw-r--r--src/getty-generator.c2
-rw-r--r--src/hostnamed.c4
-rw-r--r--src/initctl.c2
-rw-r--r--src/kmsg-syslogd.c2
-rw-r--r--src/localed.c4
-rw-r--r--src/logger.c2
-rw-r--r--src/logind.c4
-rw-r--r--src/machine-id-setup.c3
-rw-r--r--src/modules-load.c2
-rw-r--r--src/nspawn.c3
-rw-r--r--src/quotacheck.c2
-rw-r--r--src/random-seed.c2
-rw-r--r--src/readahead-collect.c2
-rw-r--r--src/readahead-replay.c2
-rw-r--r--src/remount-api-vfs.c2
-rw-r--r--src/shutdown.c2
-rw-r--r--src/shutdownd.c2
-rw-r--r--src/sysctl.c2
-rw-r--r--src/timedated.c4
-rw-r--r--src/tmpfiles.c2
-rw-r--r--src/tty-ask-password-agent.c2
-rw-r--r--src/uaccess.c2
-rw-r--r--src/update-utmp.c2
-rw-r--r--src/user-sessions.c2
-rw-r--r--src/vconsole-setup.c2
30 files changed, 59 insertions, 11 deletions
diff --git a/src/binfmt.c b/src/binfmt.c
index a815a112e8..552d8cc227 100644
--- a/src/binfmt.c
+++ b/src/binfmt.c
@@ -127,6 +127,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc > 1) {
r = apply_file(argv[1], false);
} else {
diff --git a/src/cryptsetup-generator.c b/src/cryptsetup-generator.c
index db8ebdfb18..a340218fda 100644
--- a/src/cryptsetup-generator.c
+++ b/src/cryptsetup-generator.c
@@ -246,6 +246,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(f = fopen("/etc/crypttab", "re"))) {
if (errno == ENOENT)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index c0caf9a930..cf288de631 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -241,6 +241,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (streq(argv[1], "attach")) {
uint32_t flags = 0;
int k;
diff --git a/src/execute.c b/src/execute.c
index 7b2567976d..f07d018a37 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1402,7 +1402,7 @@ fail_parent:
void exec_context_init(ExecContext *c) {
assert(c);
- c->umask = 0002;
+ c->umask = 0022;
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
c->cpu_sched_policy = SCHED_OTHER;
c->syslog_priority = LOG_DAEMON|LOG_INFO;
diff --git a/src/fsck.c b/src/fsck.c
index 19ca75311b..5d9cf24f4d 100644
--- a/src/fsck.c
+++ b/src/fsck.c
@@ -163,6 +163,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
parse_proc_cmdline();
test_files();
diff --git a/src/getty-generator.c b/src/getty-generator.c
index 7b91094b31..b8228e9822 100644
--- a/src/getty-generator.c
+++ b/src/getty-generator.c
@@ -73,6 +73,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (detect_container(NULL) > 0) {
log_debug("Automatic adding console shell.");
diff --git a/src/hostnamed.c b/src/hostnamed.c
index 7b2ce691a3..e3b89a4c62 100644
--- a/src/hostnamed.c
+++ b/src/hostnamed.c
@@ -559,6 +559,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -576,8 +578,6 @@ int main(int argc, char *argv[]) {
if (!check_nss())
log_warning("Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname!");
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read hostname data: %s", strerror(-r));
diff --git a/src/initctl.c b/src/initctl.c
index dd743142fd..7096a824b0 100644
--- a/src/initctl.c
+++ b/src/initctl.c
@@ -364,6 +364,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/kmsg-syslogd.c b/src/kmsg-syslogd.c
index 60d3244b3b..83c2047a7a 100644
--- a/src/kmsg-syslogd.c
+++ b/src/kmsg-syslogd.c
@@ -455,6 +455,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/localed.c b/src/localed.c
index 93e4e9bd56..cb8acf2079 100644
--- a/src/localed.c
+++ b/src/localed.c
@@ -575,6 +575,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -589,8 +591,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read locale data: %s", strerror(-r));
diff --git a/src/logger.c b/src/logger.c
index 81196dbe00..435d5a7620 100644
--- a/src/logger.c
+++ b/src/logger.c
@@ -637,6 +637,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/logind.c b/src/logind.c
index ca48aa137f..b84242e1ed 100644
--- a/src/logind.c
+++ b/src/logind.c
@@ -1193,14 +1193,14 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc != 1) {
log_error("This program takes no arguments.");
r = -EINVAL;
goto finish;
}
- umask(0022);
-
m = manager_new();
if (!m) {
log_error("Out of memory");
diff --git a/src/machine-id-setup.c b/src/machine-id-setup.c
index be51d0dec7..519521fe67 100644
--- a/src/machine-id-setup.c
+++ b/src/machine-id-setup.c
@@ -167,7 +167,10 @@ int machine_id_setup(void) {
mkdir_p("/run/systemd", 0755);
+ m = umask(0022);
r = write_one_line_file("/run/systemd/machine-id", id);
+ umask(m);
+
if (r < 0) {
log_error("Cannot write /run/systemd/machine-id: %s", strerror(-r));
diff --git a/src/modules-load.c b/src/modules-load.c
index d76defa515..4b3b12109c 100644
--- a/src/modules-load.c
+++ b/src/modules-load.c
@@ -46,6 +46,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(arguments = strv_new("/sbin/modprobe", "-sab", "--", NULL))) {
log_error("Failed to allocate string array");
goto finish;
diff --git a/src/nspawn.c b/src/nspawn.c
index a1ed425f05..f4d63ea265 100644
--- a/src/nspawn.c
+++ b/src/nspawn.c
@@ -314,7 +314,6 @@ static int copy_devnodes(const char *dest, const char *console) {
}
finish:
-
umask(u);
return r;
@@ -776,7 +775,7 @@ int main(int argc, char *argv[]) {
goto child_fail;
}
- umask(0002);
+ umask(0022);
if (drop_capabilities() < 0)
goto child_fail;
diff --git a/src/quotacheck.c b/src/quotacheck.c
index ba12b27caa..c475cecc91 100644
--- a/src/quotacheck.c
+++ b/src/quotacheck.c
@@ -90,6 +90,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
parse_proc_cmdline();
test_files();
diff --git a/src/random-seed.c b/src/random-seed.c
index 054233e660..ee5cae315c 100644
--- a/src/random-seed.c
+++ b/src/random-seed.c
@@ -47,6 +47,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
/* Read pool size, if possible */
if ((f = fopen("/proc/sys/kernel/random/poolsize", "re"))) {
fscanf(f, "%zu", &buf_size);
diff --git a/src/readahead-collect.c b/src/readahead-collect.c
index 20881b3944..df467f1a42 100644
--- a/src/readahead-collect.c
+++ b/src/readahead-collect.c
@@ -656,6 +656,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
diff --git a/src/readahead-replay.c b/src/readahead-replay.c
index 0b84528b0e..e97a0cfbbf 100644
--- a/src/readahead-replay.c
+++ b/src/readahead-replay.c
@@ -340,6 +340,8 @@ int main(int argc, char*argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
diff --git a/src/remount-api-vfs.c b/src/remount-api-vfs.c
index 5b1872833a..8bbc021dc4 100644
--- a/src/remount-api-vfs.c
+++ b/src/remount-api-vfs.c
@@ -52,6 +52,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(f = setmntent("/etc/fstab", "r"))) {
log_error("Failed to open /etc/fstab: %m");
goto finish;
diff --git a/src/shutdown.c b/src/shutdown.c
index 52bad21971..1c6dc6597b 100644
--- a/src/shutdown.c
+++ b/src/shutdown.c
@@ -295,6 +295,8 @@ int main(int argc, char *argv[]) {
log_set_target(LOG_TARGET_CONSOLE); /* syslog will die if not gone yet */
log_open();
+ umask(0022);
+
if (getpid() != 1) {
log_error("Not executed by init (pid 1).");
r = -EPERM;
diff --git a/src/shutdownd.c b/src/shutdownd.c
index 49ab8863e4..0ffa8b2881 100644
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -193,6 +193,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n_fds = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/sysctl.c b/src/sysctl.c
index 9f7acfce8b..8bdfb0811c 100644
--- a/src/sysctl.c
+++ b/src/sysctl.c
@@ -228,6 +228,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc > optind)
r = apply_file(argv[optind], false);
else {
diff --git a/src/timedated.c b/src/timedated.c
index 4abcf1af73..4bde0355a5 100644
--- a/src/timedated.c
+++ b/src/timedated.c
@@ -578,6 +578,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -592,8 +594,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read timezone data: %s", strerror(-r));
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 3a1985a363..421a9154c5 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -972,6 +972,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
label_init();
items = hashmap_new(string_hash_func, string_compare_func);
diff --git a/src/tty-ask-password-agent.c b/src/tty-ask-password-agent.c
index ca183c350b..43d008fc70 100644
--- a/src/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent.c
@@ -728,6 +728,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
goto finish;
diff --git a/src/uaccess.c b/src/uaccess.c
index 786f0ef641..49ac4af0f4 100644
--- a/src/uaccess.c
+++ b/src/uaccess.c
@@ -38,6 +38,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc < 2 || argc > 3) {
log_error("This program expects one or two arguments.");
r = -EINVAL;
diff --git a/src/update-utmp.c b/src/update-utmp.c
index b06f5a06cb..f81e7f495f 100644
--- a/src/update-utmp.c
+++ b/src/update-utmp.c
@@ -373,6 +373,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
#ifdef HAVE_AUDIT
if ((c.audit_fd = audit_open()) < 0)
log_error("Failed to connect to audit log: %m");
diff --git a/src/user-sessions.c b/src/user-sessions.c
index ffb8657436..df46b76c87 100644
--- a/src/user-sessions.c
+++ b/src/user-sessions.c
@@ -39,6 +39,8 @@ int main(int argc, char*argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (streq(argv[1], "start")) {
int q = 0, r = 0;
diff --git a/src/vconsole-setup.c b/src/vconsole-setup.c
index 68ebac9ae4..4347a2078f 100644
--- a/src/vconsole-setup.c
+++ b/src/vconsole-setup.c
@@ -171,6 +171,8 @@ int main(int argc, char **argv) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argv[1])
vc = argv[1];
else