umask for borgmatic itself #189
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#189
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Borgmatic lets you set a umask for
borg create
, but it would be nice to allow setting an umask for the hooks as well, or maybe for the entire borgmatic process.Of course it's already possible by specifying a umask in the script itself, but that is easily forgotten and has to be repeated for each task.
I'm currently using something like:
But would like to be able to leave out the umask call, and have 077 be the default that can be overridden. Perhaps:
Especially because many novice system administrators probably only know
chmod
and are likely to introduce race conditions, I think it would be advisable for borgmatic to use a strict umask such as 077 by default.Makes sense, thanks for filing! Can you think of anything off-hand that would benefit from this sort of umask other than borgmatic hooks?
Not currently, but by umask'ing the whole thing does protect against future data leaks whenever new features in borg or borgmatic result in new files being written with broad permissions. Of course, that hypothetical future behaviour could either be a bug or a feature, so it could just as well break the backups. This is mostly philosophical: err on the side of data secrecy or data redundancy :)
Yup, understood. The reason I ask is because: 1. If it's in the hooks section of config as per your example, it should probably only apply to hooks, and 2. I'm not sure how to apply a umask to the whole borgmatic process such that it also applies to subprocesses. Maybe
os.umask()
just works for that?Child processes will inherit the umask from the parent process.
Honestly I don't know if it's better to set a umask for the entire thing, or just for the hooks. I'd be happy with either!
This is done and implemented in master. I'll follow up here when it's released (soon!). I went with the hooks section "umask", as that seemed less likely to have unintended impacts / interactions (for instance with Borg's own umask). Thanks for the suggestion!
Just released as part of borgmatic 1.3.6. Enjoy!