umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal

author: Lennart Poettering <lennart@poettering.net> 2011-08-01 20:52:18 +0200
committer: Lennart Poettering <lennart@poettering.net> 2011-08-01 20:52:18 +0200
commit: 4c12626c8e3491570b395d68380543e10c98ad33 (patch)
tree: 6cc39f5ee23aa41accc1baffb7db5a7444859fce /src
parent: 07f8a4aa49a84ec61513788d5ddf521f3de5a0ba (diff)
30 files changed, 59 insertions, 11 deletions
diff --git a/src/binfmt.c b/src/binfmt.c
index a815a112e8..552d8cc227 100644
--- a/src/binfmt.c
+++ b/src/binfmt.c
@@ -127,6 +127,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc > 1) {
                 r = apply_file(argv[1], false);
         } else {
diff --git a/src/cryptsetup-generator.c b/src/cryptsetup-generator.c
index db8ebdfb18..a340218fda 100644
--- a/src/cryptsetup-generator.c
+++ b/src/cryptsetup-generator.c
@@ -246,6 +246,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (!(f = fopen("/etc/crypttab", "re"))) {
 
                 if (errno == ENOENT)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index c0caf9a930..cf288de631 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -241,6 +241,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (streq(argv[1], "attach")) {
                 uint32_t flags = 0;
                 int k;
diff --git a/src/execute.c b/src/execute.c
index 7b2567976d..f07d018a37 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1402,7 +1402,7 @@ fail_parent:
 void exec_context_init(ExecContext *c) {
         assert(c);
 
-        c->umask = 0002;
+        c->umask = 0022;
         c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
         c->cpu_sched_policy = SCHED_OTHER;
         c->syslog_priority = LOG_DAEMON|LOG_INFO;
diff --git a/src/fsck.c b/src/fsck.c
index 19ca75311b..5d9cf24f4d 100644
--- a/src/fsck.c
+++ b/src/fsck.c
@@ -163,6 +163,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         parse_proc_cmdline();
         test_files();
 
diff --git a/src/getty-generator.c b/src/getty-generator.c
index 7b91094b31..b8228e9822 100644
--- a/src/getty-generator.c
+++ b/src/getty-generator.c
@@ -73,6 +73,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (detect_container(NULL) > 0) {
                 log_debug("Automatic adding console shell.");
 
diff --git a/src/hostnamed.c b/src/hostnamed.c
index 7b2ce691a3..e3b89a4c62 100644
--- a/src/hostnamed.c
+++ b/src/hostnamed.c
@@ -559,6 +559,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc == 2 && streq(argv[1], "--introspect")) {
                 fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
                       "<node>\n", stdout);
@@ -576,8 +578,6 @@ int main(int argc, char *argv[]) {
         if (!check_nss())
                 log_warning("Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname!");
 
-        umask(0022);
-
         r = read_data();
         if (r < 0) {
                 log_error("Failed to read hostname data: %s", strerror(-r));
diff --git a/src/initctl.c b/src/initctl.c
index dd743142fd..7096a824b0 100644
--- a/src/initctl.c
+++ b/src/initctl.c
@@ -364,6 +364,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((n = sd_listen_fds(true)) < 0) {
                 log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
                 return EXIT_FAILURE;
diff --git a/src/kmsg-syslogd.c b/src/kmsg-syslogd.c
index 60d3244b3b..83c2047a7a 100644
--- a/src/kmsg-syslogd.c
+++ b/src/kmsg-syslogd.c
@@ -455,6 +455,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((n = sd_listen_fds(true)) < 0) {
                 log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
                 return EXIT_FAILURE;
diff --git a/src/localed.c b/src/localed.c
index 93e4e9bd56..cb8acf2079 100644
--- a/src/localed.c
+++ b/src/localed.c
@@ -575,6 +575,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc == 2 && streq(argv[1], "--introspect")) {
                 fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
                       "<node>\n", stdout);
@@ -589,8 +591,6 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        umask(0022);
-
         r = read_data();
         if (r < 0) {
                 log_error("Failed to read locale data: %s", strerror(-r));
diff --git a/src/logger.c b/src/logger.c
index 81196dbe00..435d5a7620 100644
--- a/src/logger.c
+++ b/src/logger.c
@@ -637,6 +637,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((n = sd_listen_fds(true)) < 0) {
                 log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
                 return EXIT_FAILURE;
diff --git a/src/logind.c b/src/logind.c
index ca48aa137f..b84242e1ed 100644
--- a/src/logind.c
+++ b/src/logind.c
@@ -1193,14 +1193,14 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc != 1) {
                 log_error("This program takes no arguments.");
                 r = -EINVAL;
                 goto finish;
         }
 
-        umask(0022);
-
         m = manager_new();
         if (!m) {
                 log_error("Out of memory");
diff --git a/src/machine-id-setup.c b/src/machine-id-setup.c
index be51d0dec7..519521fe67 100644
--- a/src/machine-id-setup.c
+++ b/src/machine-id-setup.c
@@ -167,7 +167,10 @@ int machine_id_setup(void) {
 
         mkdir_p("/run/systemd", 0755);
 
+        m = umask(0022);
         r = write_one_line_file("/run/systemd/machine-id", id);
+        umask(m);
+
         if (r < 0) {
                 log_error("Cannot write /run/systemd/machine-id: %s", strerror(-r));
 
diff --git a/src/modules-load.c b/src/modules-load.c
index d76defa515..4b3b12109c 100644
--- a/src/modules-load.c
+++ b/src/modules-load.c
@@ -46,6 +46,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (!(arguments = strv_new("/sbin/modprobe", "-sab", "--", NULL))) {
                 log_error("Failed to allocate string array");
                 goto finish;
diff --git a/src/nspawn.c b/src/nspawn.c
index a1ed425f05..f4d63ea265 100644
--- a/src/nspawn.c
+++ b/src/nspawn.c
@@ -314,7 +314,6 @@ static int copy_devnodes(const char *dest, const char *console) {
         }
 
 finish:
-
         umask(u);
 
         return r;
@@ -776,7 +775,7 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                umask(0002);
+                umask(0022);
 
                 if (drop_capabilities() < 0)
                         goto child_fail;
diff --git a/src/quotacheck.c b/src/quotacheck.c
index ba12b27caa..c475cecc91 100644
--- a/src/quotacheck.c
+++ b/src/quotacheck.c
@@ -90,6 +90,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         parse_proc_cmdline();
         test_files();
 
diff --git a/src/random-seed.c b/src/random-seed.c
index 054233e660..ee5cae315c 100644
--- a/src/random-seed.c
+++ b/src/random-seed.c
@@ -47,6 +47,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         /* Read pool size, if possible */
         if ((f = fopen("/proc/sys/kernel/random/poolsize", "re"))) {
                 fscanf(f, "%zu", &buf_size);
diff --git a/src/readahead-collect.c b/src/readahead-collect.c
index 20881b3944..df467f1a42 100644
--- a/src/readahead-collect.c
+++ b/src/readahead-collect.c
@@ -656,6 +656,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((r = parse_argv(argc, argv)) <= 0)
                 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 
diff --git a/src/readahead-replay.c b/src/readahead-replay.c
index 0b84528b0e..e97a0cfbbf 100644
--- a/src/readahead-replay.c
+++ b/src/readahead-replay.c
@@ -340,6 +340,8 @@ int main(int argc, char*argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((r = parse_argv(argc, argv)) <= 0)
                 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 
diff --git a/src/remount-api-vfs.c b/src/remount-api-vfs.c
index 5b1872833a..8bbc021dc4 100644
--- a/src/remount-api-vfs.c
+++ b/src/remount-api-vfs.c
@@ -52,6 +52,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (!(f = setmntent("/etc/fstab", "r"))) {
                 log_error("Failed to open /etc/fstab: %m");
                 goto finish;
diff --git a/src/shutdown.c b/src/shutdown.c
index 52bad21971..1c6dc6597b 100644
--- a/src/shutdown.c
+++ b/src/shutdown.c
@@ -295,6 +295,8 @@ int main(int argc, char *argv[]) {
         log_set_target(LOG_TARGET_CONSOLE); /* syslog will die if not gone yet */
         log_open();
 
+        umask(0022);
+
         if (getpid() != 1) {
                 log_error("Not executed by init (pid 1).");
                 r = -EPERM;
diff --git a/src/shutdownd.c b/src/shutdownd.c
index 49ab8863e4..0ffa8b2881 100644
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -193,6 +193,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((n_fds = sd_listen_fds(true)) < 0) {
                 log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
                 return EXIT_FAILURE;
diff --git a/src/sysctl.c b/src/sysctl.c
index 9f7acfce8b..8bdfb0811c 100644
--- a/src/sysctl.c
+++ b/src/sysctl.c
@@ -228,6 +228,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc > optind)
                 r = apply_file(argv[optind], false);
         else {
diff --git a/src/timedated.c b/src/timedated.c
index 4abcf1af73..4bde0355a5 100644
--- a/src/timedated.c
+++ b/src/timedated.c
@@ -578,6 +578,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc == 2 && streq(argv[1], "--introspect")) {
                 fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
                       "<node>\n", stdout);
@@ -592,8 +594,6 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        umask(0022);
-
         r = read_data();
         if (r < 0) {
                 log_error("Failed to read timezone data: %s", strerror(-r));
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 3a1985a363..421a9154c5 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -972,6 +972,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         label_init();
 
         items = hashmap_new(string_hash_func, string_compare_func);
diff --git a/src/tty-ask-password-agent.c b/src/tty-ask-password-agent.c
index ca183c350b..43d008fc70 100644
--- a/src/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent.c
@@ -728,6 +728,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if ((r = parse_argv(argc, argv)) <= 0)
                 goto finish;
 
diff --git a/src/uaccess.c b/src/uaccess.c
index 786f0ef641..49ac4af0f4 100644
--- a/src/uaccess.c
+++ b/src/uaccess.c
@@ -38,6 +38,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argc < 2 || argc > 3) {
                 log_error("This program expects one or two arguments.");
                 r = -EINVAL;
diff --git a/src/update-utmp.c b/src/update-utmp.c
index b06f5a06cb..f81e7f495f 100644
--- a/src/update-utmp.c
+++ b/src/update-utmp.c
@@ -373,6 +373,8 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
 #ifdef HAVE_AUDIT
         if ((c.audit_fd = audit_open()) < 0)
                 log_error("Failed to connect to audit log: %m");
diff --git a/src/user-sessions.c b/src/user-sessions.c
index ffb8657436..df46b76c87 100644
--- a/src/user-sessions.c
+++ b/src/user-sessions.c
@@ -39,6 +39,8 @@ int main(int argc, char*argv[]) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (streq(argv[1], "start")) {
                 int q = 0, r = 0;
 
diff --git a/src/vconsole-setup.c b/src/vconsole-setup.c
index 68ebac9ae4..4347a2078f 100644
--- a/src/vconsole-setup.c
+++ b/src/vconsole-setup.c
@@ -171,6 +171,8 @@ int main(int argc, char **argv) {
         log_parse_environment();
         log_open();
 
+        umask(0022);
+
         if (argv[1])
                 vc = argv[1];
         else
author	Lennart Poettering <lennart@poettering.net>	2011-08-01 20:52:18 +0200
committer	Lennart Poettering <lennart@poettering.net>	2011-08-01 20:52:18 +0200
commit	4c12626c8e3491570b395d68380543e10c98ad33 (patch)
tree	6cc39f5ee23aa41accc1baffb7db5a7444859fce /src
parent	07f8a4aa49a84ec61513788d5ddf521f3de5a0ba (diff)