main: set more permissive umask when creating work_dirfix-9423

This'll guarantee our working dir has the appropriate permissions, even when a user has a strict umask
author: Will Greenberg <willg@eff.org> 2022-11-09 21:40:25 +0300
committer: Will Greenberg <willg@eff.org> 2022-11-10 23:41:10 +0300
commit: ca3fc572a93a0ad04a9ae71c56a2393f6eaeb370 (patch)
tree: e1d63b4c93e7b753adcf62947070a2810455489a
parent: c4ef1f396293049128b3cd665200608165e2301e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/certbot/certbot/_internal/main.py b/certbot/certbot/_internal/main.py
index 098ce3243..260de1303 100644
--- a/certbot/certbot/_internal/main.py
+++ b/certbot/certbot/_internal/main.py
@@ -1643,7 +1643,10 @@ def make_or_verify_needed_dirs(config: configuration.NamespaceConfig) -> None:
 
     """
     util.set_up_core_dir(config.config_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions)
-    util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions)
+
+    # Ensure the working directory has the expected mode, even under stricter umask settings
+    with filesystem.temp_umask(0o022):
+        util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions)
 
     hook_dirs = (config.renewal_pre_hooks_dir,
                  config.renewal_deploy_hooks_dir,
author	Will Greenberg <willg@eff.org>	2022-11-09 21:40:25 +0300
committer	Will Greenberg <willg@eff.org>	2022-11-10 23:41:10 +0300
commit	ca3fc572a93a0ad04a9ae71c56a2393f6eaeb370 (patch)
tree	e1d63b4c93e7b753adcf62947070a2810455489a
parent	c4ef1f396293049128b3cd665200608165e2301e (diff)