-rw-r--r-- | src/confdb/confdb.c | 2 | ||||
-rw-r--r-- | src/util/debug.c | 2 | ||||
-rw-r--r-- | src/util/server.c | 5 | ||||
-rw-r--r-- | src/util/util.h | 3 |
4 files changed, 7 insertions, 5 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index d811f7cbf..0f76a3d14 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -659,7 +659,7 @@ int confdb_init(TALLOC_CTX *mem_ctx,
 return EIO;
 }
- old_umask = umask(0177);
+ old_umask = umask(SSS_DFL_UMASK);
 ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
 umask(old_umask);
diff --git a/src/util/debug.c b/src/util/debug.c
index 69df54386..bd13fdecd 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -362,7 +362,7 @@ int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
 if (debug_file && !filep) fclose(debug_file);
- old_umask = umask(0177);
+ old_umask = umask(SSS_DFL_UMASK);
 errno = 0;
 f = fopen(logpath, "a");
 if (f == NULL) {
diff --git a/src/util/server.c b/src/util/server.c
index 7e9b76f74..036dace04 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -490,9 +490,8 @@ int server_setup(const char *name, int flags,
 setup_signals();
- /* we want default permissions on created files to be very strict,
- so set our umask to 0177 */
- umask(0177);
+ /* we want default permissions on created files to be very strict */
+ umask(SSS_DFL_UMASK);
 if (flags & FLAGS_DAEMON) {
 DEBUG(SSSDBG_IMPORTANT_INFO, "Becoming a daemon.\n");
diff --git a/src/util/util.h b/src/util/util.h
index f9fe1ca71..9658d79fe 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -64,6 +64,9 @@
 #define SSS_ATTRIBUTE_PRINTF(a1, a2)
 #endif
+/** Default secure umask */
+#define SSS_DFL_UMASK 0177
+
 extern const char *debug_prg_name;
 extern int debug_level;
 extern int debug_timestamps; |
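Review bot: In `open_debug_file_ex` the mask set before `fopen(logpath, "a")` only applies when the log file is created; an existing file opened in append mode keeps its current mode, so a debug log that is already group- or world-readable stays that way. If the owner-only guarantee is meant to hold for debug logs, the open is the place to verify it, for example `if (fstat(fileno(f), &st) == 0 && (st.st_mode & SSS_DFL_UMASK)) { /* warn or fchmod(fileno(f), 0600) */ }`. The `f == NULL` branch and the restore of `old_umask` lie outside the hunk, so whether the error path puts the previous mask back cannot be confirmed from here.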
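Review bot: The doc comment on `SSS_DFL_UMASK` in util.h should state what the mask yields, because the three call sites no longer show the value: `/** Default secure umask: new files get at most mode 0600 (owner read/write only) */`. It would also help to add a line noting that 0177 clears the owner execute bit as well, so a directory created while this mask is in effect is not searchable even by its owner. Code that creates directories would then need a different mask, or an explicit `chmod` afterwards.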