ensure_dir: respect umask for created directory modes, fixes #6400

we tried to be very private / secure here, but that created the issue
that a less secure umask (like e.g. 0o007) just did not work.

to make the umask work, we must start from 0o777 mode and let the
umask do its work, like e.g. 0o777 & ~0o007 --> 0o770.

with borg's default umask of 0o077, it usually ends up being 0o700,
so only permissions for the user (not group, not others).

Author: ThomasWaldmann

src/borg/helpers.py

@@ -513,12 +513,12 @@ def prune_split(archives, pattern, n, skip=[]):
     return keep
 
 
-def ensure_dir(path, mode=stat.S_IRWXU, pretty_deadly=True):
+def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True):
     """
     Ensures that the dir exists with the right permissions.
     1) Make sure the directory exists in a race-free operation
     2) If mode is not None and the directory has been created, give the right
-    permissions to the leaf directory
+    permissions to the leaf directory. The current umask value is masked out first.
     3) If pretty_deadly is True, catch exceptions, reraise them with a pretty
     message.
     Returns if the directory has been created and has the right permissions,