saveconfig: set 0o600 perms on backupfiles

Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
author: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> 2020-05-29 14:51:28 +0530
committer: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> 2020-06-01 11:49:49 +0530
commit: 1940a17986deaab92e6be395f20ee55dac0ac2bd (patch)
tree: 983335881e440ddd68a17edebca7295ad0b65280
parent: bab9fc16236c4aceade31e95327bc7b493bb157a (diff)
download: targetcli-1940a17986deaab92e6be395f20ee55dac0ac2bd.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
index 26815bd..6e99b8c 100644
--- a/targetcli/ui_root.py
+++ b/targetcli/ui_root.py
@@ -125,12 +125,17 @@ class UIRoot(UINode):
 
         # Save backup if backup dir is empty, or savefile is differnt from recent backup copy
         if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile):
+            mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+            umask = 0o777 ^ mode  # Prevents always downgrading umask to 0
+            umask_original = os.umask(umask)
             try:
                 with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out:
                     shutil.copyfileobj(f_in, f_out)
                     f_out.flush()
             except IOError as ioe:
                 backup_error = ioe.strerror or "Unknown error"
+            finally:
+                os.umask(umask_original)
 
             if backup_error == None:
                 # remove excess backups
author	Prasanna Kumar Kalever <prasanna.kalever@redhat.com>	2020-05-29 14:51:28 +0530
committer	Prasanna Kumar Kalever <prasanna.kalever@redhat.com>	2020-06-01 11:49:49 +0530
commit	1940a17986deaab92e6be395f20ee55dac0ac2bd (patch)
tree	983335881e440ddd68a17edebca7295ad0b65280
parent	bab9fc16236c4aceade31e95327bc7b493bb157a (diff)
download	targetcli-1940a17986deaab92e6be395f20ee55dac0ac2bd.tar.gz