Skip to content

Create a file with permissions that respects umask #2851

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 20, 2020
Merged

Create a file with permissions that respects umask #2851

merged 2 commits into from
Aug 20, 2020

Conversation

niw
Copy link
Contributor

@niw niw commented Aug 10, 2020
edited
Loading

Problem

Data.write(to:) is a only method in the Foundation that can create a
regular file.
However, it ignores umask and always set 0600 permission unlike
macOS Foundation, which respects process umask.

Solution

  1. With .atomic write option

    It uses mkstemp(3) in _NSCreateTemporaryFile, which is always
    creating a file with 0600 permission, if the system follows
    the latest POSIX specification or the permission is undefined.

    On macOS Foundation, therefore _NSCreateTemporaryFile uses
    mktemp(3) and open(2) instead to respect umask.

  2. Without .atomic write option

    It uses 0o600 even if it uses open(2) that respects umask.
    Simply gives 0o666 instead.

This is a bug caused by previous commit in
#1876.

Swift JIRA is https://bugs.swift.org/browse/SR-13307.

@niw
Create a file with permissions that respects umask
82244a7 
**Problem**

`Data.write(to:)` is a only method in the Foundation that can create a
regular file.
However, it ignores `uamask` and always set 0600 permission unlike
macOS Foundation, which respects process `umask`.

**Solution**

1. With `.atomic` write option

It uses `mkstemp(3)` in `_NSCreateTemporaryFile`, which is always
creating a file with 0600 permission, if the system follows
the latest POSIX specification or the permission is undefined.

On macOS Foundation, therefore `_NSCreateTemporaryFile` uses
`mktemp(3)` and `open(2)` instead to respect `umask`.

2. Without `.atomic` write option

It uses `0o600` even if it uses `open(2)` that respects `umask`.
Simply gives `0o666` instead.

This is a bug caused by previous commit in
swiftlang#1876.

JIRA: https://bugs.swift.org/browse/SR-13307
@niw niw mentioned this pull request Aug 10, 2020
Merged
@spevans
Copy link
Contributor

spevans commented Aug 10, 2020

Could you add a regression test that validates that a file is created with the correct permissions, thanks

@spevans
Copy link
Contributor

spevans commented Aug 10, 2020

@swift-ci test

@niw
Copy link
Contributor Author

niw commented Aug 10, 2020
edited
Loading

@spevans Sure! the test need to change process’s umask which is global therefore it need to not be reentrant.

@millenomi
Copy link
Contributor

@swift-ci please test

@millenomi millenomi merged commit 61f1372 into swiftlang:master Aug 20, 2020
@compnerd compnerd mentioned this pull request Aug 20, 2020
Merged
@niw niw mentioned this pull request Aug 25, 2020
Merged
@niw niw mentioned this pull request Aug 14, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@niw @spevans @millenomi