src/bin/pxar.rs: set archive permissions to 0o640

As the archive can contain potentially sensitive data such as key files, it makes
sense to restrict the permissions.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
This commit is contained in:
Christian Ebner 2019-05-27 14:16:13 +02:00 committed by Dietmar Maurer
parent ab87f167f1
commit af309d4d5c
1 changed files with 4 additions and 1 deletions

View File

@ -11,6 +11,8 @@ use serde_json::{Value};
use std::io::Write; use std::io::Write;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::fs::OpenOptions;
use std::os::unix::fs::OpenOptionsExt;
use proxmox_backup::pxar; use proxmox_backup::pxar;
@ -119,9 +121,10 @@ fn create_archive(
let mut dir = nix::dir::Dir::open( let mut dir = nix::dir::Dir::open(
&source, nix::fcntl::OFlag::O_NOFOLLOW, nix::sys::stat::Mode::empty())?; &source, nix::fcntl::OFlag::O_NOFOLLOW, nix::sys::stat::Mode::empty())?;
let file = std::fs::OpenOptions::new() let file = OpenOptions::new()
.create_new(true) .create_new(true)
.write(true) .write(true)
.mode(0o640)
.open(archive)?; .open(archive)?;
let mut writer = std::io::BufWriter::with_capacity(1024*1024, file); let mut writer = std::io::BufWriter::with_capacity(1024*1024, file);