src/bin/pxar.rs: set archive permissions to 0o640
As the archive can contain potentially sensitive data such as key files, it makes sense to restrict the permissions. Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
This commit is contained in:
parent
ab87f167f1
commit
af309d4d5c
|
@ -11,6 +11,8 @@ use serde_json::{Value};
|
||||||
|
|
||||||
use std::io::Write;
|
use std::io::Write;
|
||||||
use std::path::{Path, PathBuf};
|
use std::path::{Path, PathBuf};
|
||||||
|
use std::fs::OpenOptions;
|
||||||
|
use std::os::unix::fs::OpenOptionsExt;
|
||||||
|
|
||||||
use proxmox_backup::pxar;
|
use proxmox_backup::pxar;
|
||||||
|
|
||||||
|
@ -119,9 +121,10 @@ fn create_archive(
|
||||||
let mut dir = nix::dir::Dir::open(
|
let mut dir = nix::dir::Dir::open(
|
||||||
&source, nix::fcntl::OFlag::O_NOFOLLOW, nix::sys::stat::Mode::empty())?;
|
&source, nix::fcntl::OFlag::O_NOFOLLOW, nix::sys::stat::Mode::empty())?;
|
||||||
|
|
||||||
let file = std::fs::OpenOptions::new()
|
let file = OpenOptions::new()
|
||||||
.create_new(true)
|
.create_new(true)
|
||||||
.write(true)
|
.write(true)
|
||||||
|
.mode(0o640)
|
||||||
.open(archive)?;
|
.open(archive)?;
|
||||||
|
|
||||||
let mut writer = std::io::BufWriter::with_capacity(1024*1024, file);
|
let mut writer = std::io::BufWriter::with_capacity(1024*1024, file);
|
||||||
|
|
Loading…
Reference in New Issue