From 8587a2937020eca2fda3efbcf31862697e7f5b3f Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Sun, 15 Mar 2015 12:54:36 -0600
Subject: Change permissions on backup files

Use more restrictive permissions for backup tar files and for the db,
uploads, and repositories directories inside the tar files.
---
 lib/backup/manager.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib')

diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index ab8db4e9837..b499e5755bd 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -17,14 +17,18 @@ module Backup
         file << s.to_yaml.gsub(/^---\n/,'')
       end
 
+      FileUtils.chmod_R(0700, %w{db uploads repositories})
+
       # create archive
       $progress.print "Creating backup archive: #{tar_file} ... "
+      orig_umask = File.umask(0077)
       if Kernel.system('tar', '-cf', tar_file, *BACKUP_CONTENTS)
         $progress.puts "done".green
       else
         puts "creating archive #{tar_file} failed".red
         abort 'Backup failed'
       end
+      File.umask(orig_umask)
 
       upload(tar_file)
     end
-- 
cgit v1.2.3