From 0f9d88bf2e1f2d14be8fa30810948ef0e4107f42 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Fri, 4 Mar 2022 20:53:10 +0100
Subject: [PATCH 1/2] SaveFile: respect umask for final file mode, fixes #6400

---
 src/borg/platform/base.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/borg/platform/base.py b/src/borg/platform/base.py
index 1eb929ee2..2bd712cf6 100644
--- a/src/borg/platform/base.py
+++ b/src/borg/platform/base.py
@@ -4,6 +4,7 @@ import socket
 import tempfile
 import uuid
 
+from borg.constants import UMASK_DEFAULT
 from borg.helpers import safe_unlink
 from borg.platformflags import is_win32
 
@@ -237,6 +238,15 @@ class SaveFile:
         if exc_type is not None:
             safe_unlink(self.tmp_fname)  # with-body has failed, clean up tmp file
             return  # continue processing the exception normally
+
+        # tempfile.mkstemp always uses owner-only file permissions for the temp file,
+        # but as we'll rename it to the non-temp permanent file now, we need to respect
+        # the umask and change the file mode to what a normally created file would have.
+        # thanks to the crappy os.umask api, we can't query the umask without setting it. :-(
+        umask = os.umask(UMASK_DEFAULT)
+        os.umask(umask)
+        os.chmod(self.tmp_fname, mode=0o666 & ~ umask)
+
         try:
             os.replace(self.tmp_fname, self.path)  # POSIX: atomic rename
         except OSError:

From dd0ae1e48dd3e9243b3b4752f2cf16a069b98292 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Fri, 4 Mar 2022 21:21:46 +0100
Subject: [PATCH 2/2] ensure_dir: respect umask for created directory modes,
 fixes #6400

we tried to be very private / secure here, but that created the issue
that a less secure umask (like e.g. 0o007) just did not work.

to make the umask work, we must start from 0o777 mode and let the
umask do its work, like e.g. 0o777 & ~0o007 --> 0o770.

with borg's default umask of 0o077, it usually ends up being 0o700,
so only permissions for the user (not group, not others).
---
 src/borg/helpers/fs.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/borg/helpers/fs.py b/src/borg/helpers/fs.py
index a2ac49876..d1a412da0 100644
--- a/src/borg/helpers/fs.py
+++ b/src/borg/helpers/fs.py
@@ -21,12 +21,12 @@ logger = create_logger()
 py_37_plus = sys.version_info >= (3, 7)
 
 
-def ensure_dir(path, mode=stat.S_IRWXU, pretty_deadly=True):
+def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True):
     """
     Ensures that the dir exists with the right permissions.
     1) Make sure the directory exists in a race-free operation
     2) If mode is not None and the directory has been created, give the right
-    permissions to the leaf directory
+    permissions to the leaf directory. The current umask value is masked out first.
     3) If pretty_deadly is True, catch exceptions, reraise them with a pretty
     message.
     Returns if the directory has been created and has the right permissions,