From 6a5718691fbc7b4ceca1aa4e4f09c2af0d428175 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Fri, 4 Mar 2022 20:53:10 +0100
Subject: [PATCH 1/2] SaveFile: respect umask for final file mode, fixes #6400

---
 src/borg/platform/base.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/borg/platform/base.py b/src/borg/platform/base.py
index 112c337426..21ff327b23 100644
--- a/src/borg/platform/base.py
+++ b/src/borg/platform/base.py
@@ -4,6 +4,7 @@
 import tempfile
 import uuid
 
+from borg.constants import UMASK_DEFAULT
 from borg.helpers import safe_unlink
 
 """
@@ -193,6 +194,15 @@ def __exit__(self, exc_type, exc_val, exc_tb):
         if exc_type is not None:
             safe_unlink(self.tmp_fname)  # with-body has failed, clean up tmp file
             return  # continue processing the exception normally
+
+        # tempfile.mkstemp always uses owner-only file permissions for the temp file,
+        # but as we'll rename it to the non-temp permanent file now, we need to respect
+        # the umask and change the file mode to what a normally created file would have.
+        # thanks to the crappy os.umask api, we can't query the umask without setting it. :-(
+        umask = os.umask(UMASK_DEFAULT)
+        os.umask(umask)
+        os.chmod(self.tmp_fname, mode=0o666 & ~ umask)
+
         try:
             os.replace(self.tmp_fname, self.path)  # POSIX: atomic rename
         except OSError:

From 988a27c44cfb106ff42f1cd511163fc0519c4f10 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Fri, 4 Mar 2022 21:21:46 +0100
Subject: [PATCH 2/2] ensure_dir: respect umask for created directory modes,
 fixes #6400

we tried to be very private / secure here, but that created the issue
that a less secure umask (like e.g. 0o007) just did not work.

to make the umask work, we must start from 0o777 mode and let the
umask do its work, like e.g. 0o777 & ~0o007 --> 0o770.

with borg's default umask of 0o077, it usually ends up being 0o700,
so only permissions for the user (not group, not others).
---
 src/borg/helpers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/borg/helpers.py b/src/borg/helpers.py
index 0736bce357..322d4168b1 100644
--- a/src/borg/helpers.py
+++ b/src/borg/helpers.py
@@ -513,12 +513,12 @@ def prune_split(archives, pattern, n, skip=[]):
     return keep
 
 
-def ensure_dir(path, mode=stat.S_IRWXU, pretty_deadly=True):
+def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True):
     """
     Ensures that the dir exists with the right permissions.
     1) Make sure the directory exists in a race-free operation
     2) If mode is not None and the directory has been created, give the right
-    permissions to the leaf directory
+    permissions to the leaf directory. The current umask value is masked out first.
     3) If pretty_deadly is True, catch exceptions, reraise them with a pretty
     message.
     Returns if the directory has been created and has the right permissions,