Skip to content

Private file permissions by default #551

New issue
New issue
Open
Open
Private file permissions by default#551
Labels
A-binariesArea: Related to binaries.C-requestCategory: A request for changes or a feature.E-easyExperience: Easy difficulty. Experience needed to fix: Not much. Good first issue.E-help-wantedExperience: Call for participation: Help is requested to fix this issue.
@hinto-janai

Description

@hinto-janai
hinto-janai
opened on Sep 27, 2025

Feature

cuprated creates files with global read/execute permissions (rwxr-xr-x), any other process running on the machine can read these files.

Certain libraries that create files (e.g. LMDB) may set their own umask although cuprated does not. It would be prudent to set a private global umask before creating files:

umask file permissions
027 rwxr-x---
007 rwx------

Implementation

Windows will need a separate impl.

fn main() {
    // SAFETY: calling C.
    unsafe {
        libc::umask(0o027);
    }

    /* ... */
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-binariesArea: Related to binaries.C-requestCategory: A request for changes or a feature.E-easyExperience: Easy difficulty. Experience needed to fix: Not much. Good first issue.E-help-wantedExperience: Call for participation: Help is requested to fix this issue.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions