filesystem: make WriteFile file permissions more restrictive

vdye · vdye · commit 830bcfa67090 · 2023-03-01T14:10:05.000-08:00
Currently, the only usage of 'WriteFile()' is in the daemon providers, used
to write out their respective daemon configurations. The permissions '644'
were selected somewhat arbitrarily (corresponding to Git's "non-executable"
file mode). However, all other file writing in the repository uses the
permissions '600' (removing read permissions for group &amp; all). The daemon
configuration files do not actually need more than that, so change
'WriteFile()'s permissions to '600'. In addition to internal consistency,
this sets us up to more easily use 'common.FileSystem' for file writing
across the repository.

Signed-off-by: Victoria Dye &lt;vdye@github.com&gt;
diff --git a/internal/common/filesystem.go b/internal/common/filesystem.go
@@ -41,7 +41,7 @@ func (f *fileSystem) WriteFile(filename string, content []byte) error {
 		return fmt.Errorf("error creating parent directories: %w", err)
 	}
 
-	err = os.WriteFile(filename, content, 0o644)
+	err = os.WriteFile(filename, content, 0o600)
 	if err != nil {
 		return fmt.Errorf("could not write file: %w", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func (f *fileSystem) WriteFile(filename string, content []byte) error {`
`41`	`41`	`return fmt.Errorf("error creating parent directories: %w", err)`
`42`	`42`	`}`
`43`	`43`
`44`		`- err = os.WriteFile(filename, content, 0o644)`
	`44`	`+ err = os.WriteFile(filename, content, 0o600)`
`45`	`45`	`if err != nil {`
`46`	`46`	`return fmt.Errorf("could not write file: %w", err)`
`47`	`47`	`}`