lei: ensure we run a restrictive umask

While we configure the LeiStore git repos and DBs to have a
restrictive umask, lei may also write to Maildirs/mboxes/etc.

We will follow mutt behavior when saving files/messages to the FS.
We only want to create files which are only readable by the local
user since this is intended for private mail and could be used
on shared systems.

We may allow passing the umask on a per-command-basis, but it's
probably not worth the effort to support.

diff --git a/lib/PublicInbox/LeiDaemon.pm b/lib/PublicInbox/LeiDaemon.pm
index 010c1cbaa5a375682fedceac5a3e8e83271ae96a..1f170f1d06fdffbc68d9aa9b8e149ed3b0276c47 100644 (file)
--- a/lib/PublicInbox/LeiDaemon.pm
+++ b/lib/PublicInbox/LeiDaemon.pm
@@ -538,12 +538,11 @@ sub lazy_start {
                die "connect($path): $!";
        }
        require IO::FDPass;
-       my $umask = umask(077) // die("umask(077): $!");
+       umask(077) // die("umask(077): $!");
        my $l = IO::Socket::UNIX->new(Local => $path,
                                        Listen => 1024,
                                        Type => SOCK_STREAM) or
                $err = $!;
-       umask($umask) or die("umask(restore): $!");
        $l or return die "bind($path): $err";
        my @st = stat($path) or die "stat($path): $!";
        my $dev_ino_expect = pack('dd', $st[0], $st[1]); # dev+ino
@@ -638,6 +637,7 @@ sub oneshot {
        my $exit = $main_pkg->can('exit'); # caller may override exit()
        local $quit = $exit if $exit;
        local %PATH2CFG;
+       umask(077) // die("umask(077): $!");
        dispatch({
                0 => *STDIN{IO},
                1 => *STDOUT{IO},