From b49632e79383ea91eaacfaf6fca388942f8e2cde Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Thu, 10 Oct 2013 21:32:27 +0200
Subject: daemon: Set the umask to 022 when starting.

* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
---
 nix/nix-daemon/guix-daemon.cc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'nix/nix-daemon/guix-daemon.cc')

diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index e2c30e75a8..4f9fa4c525 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -29,6 +29,7 @@
 #include <argp.h>
 #include <unistd.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <exception>
 
 /* Variables used by `nix-daemon.cc'.  */
@@ -194,6 +195,11 @@ main (int argc, char *argv[])
       exit (EXIT_FAILURE);
     }
 
+  /* Set the umask so that the daemon does not end up creating group-writable
+     files, which would lead to "suspicious ownership or permission" errors.
+     See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.  */
+  umask (S_IWGRP | S_IWOTH);
+
 #ifdef HAVE_CHROOT
   settings.useChroot = true;
 #else
-- 
cgit v1.2.3