filesystem: make WriteFile file permissions more restrictive

Currently, the only usage of 'WriteFile()' is in the daemon providers, used
to write out their respective daemon configurations. The permissions '644'
were selected somewhat arbitrarily (corresponding to Git's "non-executable"
file mode). However, all other file writing in the repository uses the
permissions '600' (removing read permissions for group & all).

The daemon configuration files do not actually need anything more permissive
than '600', so change 'WriteFile()'s permissions accordingly. Then, rather
than simply modify the hardcoded value, create a const
'DefaultFilePermissions' to store the value, and do the same for 0o755 as
'DefaultDirPermissions'.

In addition to internal consistency, this sets us up to more easily use
'common.FileSystem' for file writing across the repository.

Signed-off-by: Victoria Dye <[email protected]>

Author: vdye

internal/common/filesystem.go

@@ -4,11 +4,17 @@ import (
 	"bufio"
 	"errors"
 	"fmt"
+	"io/fs"
 	"os"
 	"path"
 	"syscall"
 )
 
+const (
+	DefaultFilePermissions fs.FileMode = 0o600
+	DefaultDirPermissions  fs.FileMode = 0o755
+)
+
 type FileSystem interface {
 	FileExists(filename string) (bool, error)
 	WriteFile(filename string, content []byte) error
@@ -36,12 +42,12 @@ func (f *fileSystem) FileExists(filename string) (bool, error) {
 func (f *fileSystem) WriteFile(filename string, content []byte) error {
 	// Get filename parent path
 	parentDir := path.Dir(filename)
-	err := os.MkdirAll(parentDir, 0o755)
+	err := os.MkdirAll(parentDir, DefaultDirPermissions)
 	if err != nil {
 		return fmt.Errorf("error creating parent directories: %w", err)
 	}
 
-	err = os.WriteFile(filename, content, 0o644)
+	err = os.WriteFile(filename, content, DefaultFilePermissions)
 	if err != nil {
 		return fmt.Errorf("could not write file: %w", err)
 	}