diff options
author | Will Greenberg <willg@eff.org> | 2022-11-09 21:40:25 +0300 |
---|---|---|
committer | Will Greenberg <willg@eff.org> | 2022-11-10 23:41:10 +0300 |
commit | ca3fc572a93a0ad04a9ae71c56a2393f6eaeb370 (patch) | |
tree | e1d63b4c93e7b753adcf62947070a2810455489a | |
parent | c4ef1f396293049128b3cd665200608165e2301e (diff) |
main: set more permissive umask when creating work_dirfix-9423
This'll guarantee our working dir has the appropriate permissions,
even when a user has a strict umask
-rw-r--r-- | certbot/certbot/_internal/main.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/certbot/certbot/_internal/main.py b/certbot/certbot/_internal/main.py index 098ce3243..260de1303 100644 --- a/certbot/certbot/_internal/main.py +++ b/certbot/certbot/_internal/main.py @@ -1643,7 +1643,10 @@ def make_or_verify_needed_dirs(config: configuration.NamespaceConfig) -> None: """ util.set_up_core_dir(config.config_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) - util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) + + # Ensure the working directory has the expected mode, even under stricter umask settings + with filesystem.temp_umask(0o022): + util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) hook_dirs = (config.renewal_pre_hooks_dir, config.renewal_deploy_hooks_dir, |