diff options
-rw-r--r-- | certbot/certbot/_internal/main.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/certbot/certbot/_internal/main.py b/certbot/certbot/_internal/main.py index 098ce3243..260de1303 100644 --- a/certbot/certbot/_internal/main.py +++ b/certbot/certbot/_internal/main.py @@ -1643,7 +1643,10 @@ def make_or_verify_needed_dirs(config: configuration.NamespaceConfig) -> None: """ util.set_up_core_dir(config.config_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) - util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) + + # Ensure the working directory has the expected mode, even under stricter umask settings + with filesystem.temp_umask(0o022): + util.set_up_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, config.strict_permissions) hook_dirs = (config.renewal_pre_hooks_dir, config.renewal_deploy_hooks_dir, |