Change default umask when creating dirctories

Security best practices recommend changing the default umask from 022 to 027 to harden systems. However, when users set umask to 027, netplan creates directories with permissions that are not accessible to backends like systemd-network, resulting in issues during network configuration. This patch ensures that netplan generates directories with a 0755 mask, regardless of the user's umask. fixes: lp2076319
canonical · Aug 13, 2024 · 62bb680 · 62bb680
1 parent 6b44b49
commit 62bb680
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/util.c b/src/util.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <pwd.h>
 #include <grp.h>
 
@@ -54,11 +55,13 @@ void
 _netplan_safe_mkdir_p_dir(const char* file_path)
 {
     g_autofree char* dir = g_path_get_dirname(file_path);
+    mode_t orig_umask = umask(022);
 
     if (g_mkdir_with_parents(dir, 0755) < 0) {
         g_fprintf(stderr, "ERROR: cannot create directory %s: %m\n", dir);
         exit(1);
     }
+    umask(orig_umask);
 }
 
 /**