From 7c76d091cb333bba696c290c69ce4df14110ae81 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Thu, 7 Nov 2019 11:10:37 +0300
Subject: [PATCH] umask friendly permissions for newly created
 files/directories

---
 doc/news.ru.texi            |  2 ++
 doc/news.texi               |  2 ++
 src/cmd/nncp-bundle/main.go |  2 +-
 src/cmd/nncp-reass/main.go  |  3 +--
 src/cmd/nncp-xfer/main.go   |  7 +++----
 src/ctx.go                  |  2 +-
 src/lockdir.go              |  2 +-
 src/log.go                  |  4 ++--
 src/sp.go                   |  2 +-
 src/tmp.go                  | 16 ++++++++++++----
 src/toss.go                 |  4 ++--
 11 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/doc/news.ru.texi b/doc/news.ru.texi
index 4f15cd7..71a0b8e 100644
--- a/doc/news.ru.texi
+++ b/doc/news.ru.texi
@@ -4,6 +4,8 @@
 @node Релиз 4.2.0
 @subsection Релиз 4.2.0
 @itemize
+@item По умолчанию файлы и директории создаются с 666/777 правами
+    доступа, позволяя управлять ими @command{umask}-ом.
 @item Обновлены зависимости.
 @item Полное использование go модулей для управления зависимостями
     (используется @code{go.cypherpunks.ru/nncp/v4} namespace).
diff --git a/doc/news.texi b/doc/news.texi
index b1e4e40..7a8b9b9 100644
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -6,6 +6,8 @@ See also this page @ref{Новости, on russian}.
 @node Release 4.2.0
 @section Release 4.2.0
 @itemize
+@item Files and directories are created with 666/777 permissions by
+    default, allowing control with @command{umask}.
 @item Updated dependencies.
 @item Full usage of go modules for dependencies management
     (@code{go.cypherpunks.ru/nncp/v4} namespace is used).
diff --git a/src/cmd/nncp-bundle/main.go b/src/cmd/nncp-bundle/main.go
index 05d7dc9..cdeef4f 100644
--- a/src/cmd/nncp-bundle/main.go
+++ b/src/cmd/nncp-bundle/main.go
@@ -370,7 +370,7 @@ func main() {
 						log.Fatalln("Error during syncing:", err)
 					}
 					tmp.Close()
-					if err = os.MkdirAll(selfPath, os.FileMode(0700)); err != nil {
+					if err = os.MkdirAll(selfPath, os.FileMode(0777)); err != nil {
 						log.Fatalln("Error during mkdir:", err)
 					}
 					if err = os.Rename(tmp.Name(), dstPath); err != nil {
diff --git a/src/cmd/nncp-reass/main.go b/src/cmd/nncp-reass/main.go
index a798bd3..bc8f034 100644
--- a/src/cmd/nncp-reass/main.go
+++ b/src/cmd/nncp-reass/main.go
@@ -26,7 +26,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -172,7 +171,7 @@ func process(ctx *nncp.Ctx, path string, keep, dryRun, stdout, dumpMeta bool) bo
 		dst = os.Stdout
 		sds = nncp.SDS{"path": path}
 	} else {
-		tmp, err = ioutil.TempFile(mainDir, "nncp-reass")
+		tmp, err = nncp.TempFile(mainDir, "reass")
 		if err != nil {
 			log.Fatalln(err)
 		}
diff --git a/src/cmd/nncp-xfer/main.go b/src/cmd/nncp-xfer/main.go
index dc6811c..a2d1d29 100644
--- a/src/cmd/nncp-xfer/main.go
+++ b/src/cmd/nncp-xfer/main.go
@@ -23,7 +23,6 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -244,7 +243,7 @@ Tx:
 					ctx.UnlockDir(dirLock)
 					continue
 				}
-				if err = os.Mkdir(nodePath, os.FileMode(0700)); err != nil {
+				if err = os.Mkdir(nodePath, os.FileMode(0777)); err != nil {
 					ctx.UnlockDir(dirLock)
 					ctx.LogE("nncp-xfer", nncp.SdsAdd(sds, nncp.SDS{"err": err}), "mkdir")
 					isBad = true
@@ -262,7 +261,7 @@ Tx:
 		_, err = os.Stat(dstPath)
 		if err != nil {
 			if os.IsNotExist(err) {
-				if err = os.Mkdir(dstPath, os.FileMode(0700)); err != nil {
+				if err = os.Mkdir(dstPath, os.FileMode(0777)); err != nil {
 					ctx.UnlockDir(dirLock)
 					ctx.LogE("nncp-xfer", nncp.SdsAdd(sds, nncp.SDS{"err": err}), "mkdir")
 					isBad = true
@@ -294,7 +293,7 @@ Tx:
 				job.Fd.Close()
 				continue
 			}
-			tmp, err := ioutil.TempFile(dstPath, "nncp-xfer")
+			tmp, err := nncp.TempFile(dstPath, "xfer")
 			if err != nil {
 				ctx.LogE("nncp-xfer", nncp.SdsAdd(sds, nncp.SDS{"err": err}), "mktemp")
 				job.Fd.Close()
diff --git a/src/ctx.go b/src/ctx.go
index 28c9b38..03fe80e 100644
--- a/src/ctx.go
+++ b/src/ctx.go
@@ -59,7 +59,7 @@ func (ctx *Ctx) FindNode(id string) (*Node, error) {
 
 func (ctx *Ctx) ensureRxDir(nodeId *NodeId) error {
 	dirPath := filepath.Join(ctx.Spool, nodeId.String(), string(TRx))
-	if err := os.MkdirAll(dirPath, os.FileMode(0700)); err != nil {
+	if err := os.MkdirAll(dirPath, os.FileMode(0777)); err != nil {
 		ctx.LogE("dir-ensure", SDS{"dir": dirPath, "err": err}, "")
 		return err
 	}
diff --git a/src/lockdir.go b/src/lockdir.go
index 3a9afdc..32f9f64 100644
--- a/src/lockdir.go
+++ b/src/lockdir.go
@@ -30,7 +30,7 @@ func (ctx *Ctx) LockDir(nodeId *NodeId, xx TRxTx) (*os.File, error) {
 	dirLock, err := os.OpenFile(
 		lockPath,
 		os.O_CREATE|os.O_WRONLY,
-		os.FileMode(0600),
+		os.FileMode(0666),
 	)
 	if err != nil {
 		ctx.LogE("lockdir", SDS{"path": lockPath, "err": err}, "")
diff --git a/src/log.go b/src/log.go
index 05093c5..b83db34 100644
--- a/src/log.go
+++ b/src/log.go
@@ -62,7 +62,7 @@ func (ctx *Ctx) Log(msg string) {
 	fdLock, err := os.OpenFile(
 		ctx.LogPath+".lock",
 		os.O_CREATE|os.O_WRONLY,
-		os.FileMode(0600),
+		os.FileMode(0666),
 	)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, "Can not open lock for log:", err)
@@ -78,7 +78,7 @@ func (ctx *Ctx) Log(msg string) {
 	fd, err := os.OpenFile(
 		ctx.LogPath,
 		os.O_CREATE|os.O_WRONLY|os.O_APPEND,
-		os.FileMode(0600),
+		os.FileMode(0666),
 	)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, "Can not open log:", err)
diff --git a/src/sp.go b/src/sp.go
index 7e2f7c3..5590b02 100644
--- a/src/sp.go
+++ b/src/sp.go
@@ -848,7 +848,7 @@ func (state *SPState) ProcessSP(payload []byte) ([][]byte, error) {
 			fd, err := os.OpenFile(
 				filePath+PartSuffix,
 				os.O_RDWR|os.O_CREATE,
-				os.FileMode(0600),
+				os.FileMode(0666),
 			)
 			if err != nil {
 				state.Ctx.LogE("sp-file", SdsAdd(sdsp, SDS{"err": err}), "")
diff --git a/src/tmp.go b/src/tmp.go
index 3c305ce..95e45ee 100644
--- a/src/tmp.go
+++ b/src/tmp.go
@@ -21,20 +21,28 @@ import (
 	"bufio"
 	"hash"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strconv"
+	"time"
 
 	"golang.org/x/crypto/blake2b"
 )
 
+func TempFile(dir, prefix string) (*os.File, error) {
+	// Assume that probability of suffix collision is negligible
+	suffix := strconv.FormatInt(time.Now().UnixNano()+int64(os.Getpid()), 16)
+	name := filepath.Join(dir, "nncp"+prefix+suffix)
+	return os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, os.FileMode(0666))
+}
+
 func (ctx *Ctx) NewTmpFile() (*os.File, error) {
 	jobsPath := filepath.Join(ctx.Spool, "tmp")
 	var err error
-	if err = os.MkdirAll(jobsPath, os.FileMode(0700)); err != nil {
+	if err = os.MkdirAll(jobsPath, os.FileMode(0777)); err != nil {
 		return nil, err
 	}
-	fd, err := ioutil.TempFile(jobsPath, "")
+	fd, err := TempFile(jobsPath, "")
 	if err == nil {
 		ctx.LogD("tmp", SDS{"src": fd.Name()}, "created")
 	}
@@ -73,7 +81,7 @@ func (tmp *TmpFileWHash) Cancel() {
 
 func (tmp *TmpFileWHash) Commit(dir string) error {
 	var err error
-	if err = os.MkdirAll(dir, os.FileMode(0700)); err != nil {
+	if err = os.MkdirAll(dir, os.FileMode(0777)); err != nil {
 		return err
 	}
 	if err = tmp.W.Flush(); err != nil {
diff --git a/src/toss.go b/src/toss.go
index c180ed9..6422ac7 100644
--- a/src/toss.go
+++ b/src/toss.go
@@ -176,13 +176,13 @@ func (ctx *Ctx) Toss(
 				goto Closing
 			}
 			dir := filepath.Join(*incoming, path.Dir(dst))
-			if err = os.MkdirAll(dir, os.FileMode(0700)); err != nil {
+			if err = os.MkdirAll(dir, os.FileMode(0777)); err != nil {
 				ctx.LogE("rx", SdsAdd(sds, SDS{"err": err}), "mkdir")
 				isBad = true
 				goto Closing
 			}
 			if !dryRun {
-				tmp, err := ioutil.TempFile(dir, "nncp-file")
+				tmp, err := TempFile(dir, "file")
 				if err != nil {
 					ctx.LogE("rx", SdsAdd(sds, SDS{"err": err}), "mktemp")
 					isBad = true
-- 
2.48.1