Tighten umask to make sure temporary rsync files are created
with strict permissions that don't grant access to unprivileged
users.
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Change-Id: Ie662edfd615a24ce08cbddb9347f197de41d4d27
Reviewed-on: http://review.whamcloud.com/4699
Tested-by: Hudson
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Keith Mannthey <keith.mannthey@intel.com>
# If rsync copies lustre xattrs in the future, then we can skip lfs (bug 22189)
strings $(which $RSYNC) 2>&1 | grep -q lustre && LFS=:
+# rsync creates its temporary files with lenient permissions, even if
+# permissions on the original files are more strict. Tighten umask here
+# to avoid the brief window where unprivileged users might be able to
+# access the temporary file.
+umask 0077
+
lfs_migrate() {
while IFS='' read -d '' OLDNAME; do
$ECHO -n "$OLDNAME: "