Explicitly set access permissions so we're not affected by process' umask

author: Martin Ridgers <[email protected]> 2022-02-21 12:53:47 +0100
committer: Martin Ridgers <[email protected]> 2022-02-21 12:53:47 +0100
commit: f3722e2c7e27131be8395dedc9fcbb6a73cda80d (patch)
tree: f363e44b32191779ba19b5b648362281dc89e1ae
parent: Allow all users and groups to read/write files (POSIX) (diff)
download: zen-f3722e2c7e27131be8395dedc9fcbb6a73cda80d.tar.xz
zen-f3722e2c7e27131be8395dedc9fcbb6a73cda80d.zip
6 files changed, 37 insertions, 13 deletions
diff --git a/zen/internalfile.cpp b/zen/internalfile.cpp
index 8f1ca5c03..354ec2221 100644
--- a/zen/internalfile.cpp
+++ b/zen/internalfile.cpp
@@ -182,9 +182,13 @@ InternalFile::OpenWrite(std::filesystem::path FileName, bool IsCreate)
 	int OpenFlags = O_RDWR | O_CLOEXEC;
 	OpenFlags |= IsCreate ? O_CREAT | O_TRUNC : 0;
 
-	int Fd = open(FileName.c_str(), OpenFlags, 0666);
+	int Fd = open(FileName.c_str(), OpenFlags);
 	if (Fd >= 0)
 	{
+		if (IsCreate)
+		{
+			fchmod(Fd, 0666);
+		}
 		Success = true;
 		m_File	= (void*)(intptr_t(Fd));
 	}
diff --git a/zencore/filesystem.cpp b/zencore/filesystem.cpp
index f6ea4824a..7cd71e4b4 100644
--- a/zencore/filesystem.cpp
+++ b/zencore/filesystem.cpp
@@ -436,11 +436,12 @@ CloneFile(std::filesystem::path FromPath, std::filesystem::path ToPath)
 	ScopedFd $From = { FromFd };
 
 	// The 'to' file
-	int ToFd = open(ToPath.c_str(), O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666);
+	int ToFd = open(ToPath.c_str(), O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC);
 	if (ToFd < 0)
 	{
 		return false;
 	}
+	fchmod(ToFd, 0666);
 	ScopedFd $To = { FromFd };
 
 	ioctl(ToFd, FICLONE, FromFd);
@@ -502,11 +503,12 @@ CopyFile(std::filesystem::path FromPath, std::filesystem::path ToPath, const Cop
 	ScopedFd $From = {FromFd};
 
 	// To file
-	int ToFd = open(ToPath.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0666);
+	int ToFd = open(ToPath.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC);
 	if (ToFd < 0)
 	{
 		ThrowLastError(fmt::format("failed to create file {}", ToPath));
 	}
+	fchmod(ToFd, 0666);
 	ScopedFd $To = {ToFd};
 
 	// Copy impl
@@ -558,17 +560,19 @@ WriteFile(std::filesystem::path Path, const IoBuffer* const* Data, size_t Buffer
 
 #else
 	int OpenFlags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC;
-	int Fd		  = open(Path.c_str(), OpenFlags, 0666);
+	int Fd		  = open(Path.c_str(), OpenFlags);
 	if (Fd < 0)
 	{
 		zen::CreateDirectories(Path.parent_path());
-		Fd = open(Path.c_str(), OpenFlags, 0666);
+		Fd = open(Path.c_str(), OpenFlags);
 	}
 
 	if (Fd < 0)
 	{
 		ThrowLastError(fmt::format("File open failed for '{}'", Path));
 	}
+
+	fchmod(Fd, 0666);
 #endif
 
 	// TODO: this should be block-enlightened
diff --git a/zencore/thread.cpp b/zencore/thread.cpp
index 313f253f1..df8cb7a34 100644
--- a/zencore/thread.cpp
+++ b/zencore/thread.cpp
@@ -28,6 +28,7 @@
 #	include <signal.h>
 #	include <sys/file.h>
 #	include <sys/sem.h>
+#	include <sys/stat.h>
 #	include <sys/wait.h>
 #	include <time.h>
 #	include <unistd.h>
@@ -270,11 +271,12 @@ NamedEvent::NamedEvent(std::string_view EventName)
 	ExtendableStringBuilder<64> EventPath;
 	EventPath << "/tmp/" << EventName;
 
-	int Fd = open(EventPath.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0666);
+	int Fd = open(EventPath.c_str(), O_RDWR | O_CREAT | O_CLOEXEC);
 	if (Fd < 0)
 	{
 		ThrowLastError(fmt::format("Failed to create '{}' for named event", EventPath));
 	}
+	fchmod(Fd, 0666);
 
 	// Use the file path to generate an IPC key
 	key_t IpcKey = ftok(EventPath.c_str(), 1);
@@ -446,11 +448,12 @@ NamedMutex::Create(std::string_view MutexName)
 	ExtendableStringBuilder<64> Name;
 	Name << "/tmp/" << MutexName;
 
-	int Inner = open(Name.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0666);
+	int Inner = open(Name.c_str(), O_RDWR | O_CREAT | O_CLOEXEC);
 	if (Inner < 0)
 	{
 		return false;
 	}
+	fchmod(Inner, 0666);
 
 	if (flock(Inner, LOCK_EX) != 0)
 	{
@@ -489,7 +492,7 @@ NamedMutex::Exists(std::string_view MutexName)
 	Name << "/tmp/" << MutexName;
 
 	bool bExists = false;
-	int	 Fd		 = open(Name.c_str(), O_RDWR | O_CLOEXEC, 0666);
+	int	 Fd		 = open(Name.c_str(), O_RDWR | O_CLOEXEC);
 	if (Fd >= 0)
 	{
 		if (flock(Fd, LOCK_EX | LOCK_NB) == 0)
diff --git a/zenstore/basicfile.cpp b/zenstore/basicfile.cpp
index 038d83493..1b6080379 100644
--- a/zenstore/basicfile.cpp
+++ b/zenstore/basicfile.cpp
@@ -75,12 +75,16 @@ BasicFile::Open(std::filesystem::path FileName, bool IsCreate, std::error_code&
 	int OpenFlags = O_RDWR | O_CLOEXEC;
 	OpenFlags |= IsCreate ? O_CREAT | O_TRUNC : 0;
 
-	int Fd = open(FileName.c_str(), OpenFlags, 0666);
+	int Fd = open(FileName.c_str(), OpenFlags);
 	if (Fd < 0)
 	{
 		Ec = zen::MakeErrorCodeFromLastError();
 		return;
 	}
+	if (IsCreate)
+	{
+		fchmod(Fd, 0666);
+	}
 
 	void* FileHandle = (void*)(uintptr_t(Fd));
 #endif
@@ -366,12 +370,13 @@ LockFile::Create(std::filesystem::path FileName, CbObject Payload, std::error_co
 		return;
 	}
 #elif ZEN_PLATFORM_LINUX || ZEN_PLATFORM_MAC
-	int Fd = open(FileName.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0666);
+	int Fd = open(FileName.c_str(), O_RDWR | O_CREAT | O_CLOEXEC);
 	if (Fd < 0)
 	{
 		Ec = zen::MakeErrorCodeFromLastError();
 		return;
 	}
+	fchmod(Fd, 0666);
 
 	int LockRet = flock(Fd, LOCK_EX | LOCK_NB);
 	if (LockRet < 0)
diff --git a/zenstore/filecas.cpp b/zenstore/filecas.cpp
index f2f4465cc..5c7edef29 100644
--- a/zenstore/filecas.cpp
+++ b/zenstore/filecas.cpp
@@ -388,7 +388,14 @@ FileCasStrategy::InsertChunk(const void* const ChunkData, const size_t ChunkSize
 	}
 #else
 	// Attempt to exclusively create the file.
-	auto InternalCreateFile = [&] { return open(Name.ShardedPath.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0666); };
+	auto InternalCreateFile = [&] {
+		int Fd = open(Name.ShardedPath.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC);
+		if (Fd >= 0)
+		{
+			fchmod(Fd, 0666);
+		}
+		return Fd;
+	};
 	int Fd = InternalCreateFile();
 	if (Fd < 0)
 	{
diff --git a/zenutil/zenserverprocess.cpp b/zenutil/zenserverprocess.cpp
index 08ebb21b0..1671be918 100644
--- a/zenutil/zenserverprocess.cpp
+++ b/zenutil/zenserverprocess.cpp
@@ -159,11 +159,12 @@ ZenServerState::Initialize()
 		ThrowLastError("Could not map view of Zen server state");
 	}
 #else
-	int Fd = shm_open("/UnrealEngineZen", O_RDWR | O_CREAT | O_CLOEXEC, 0666);
+	int Fd = shm_open("/UnrealEngineZen", O_RDWR | O_CREAT | O_CLOEXEC);
 	if (Fd < 0)
 	{
 		ThrowLastError("Could not open a shared memory object");
 	}
+	fchmod(Fd, 0666);
 	void* hMap = (void*)intptr_t(Fd);
 
 	int Result = ftruncate(Fd, MapSize);
@@ -209,7 +210,7 @@ ZenServerState::InitializeReadOnly()
 		ThrowLastError("Could not map view of Zen server state");
 	}
 #else
-	int Fd = shm_open("/UnrealEngineZen", O_RDONLY | O_CLOEXEC, 0666);
+	int Fd = shm_open("/UnrealEngineZen", O_RDONLY | O_CLOEXEC);
 	if (Fd < 0)
 	{
 		return false;
author	Martin Ridgers <[email protected]>	2022-02-21 12:53:47 +0100
committer	Martin Ridgers <[email protected]>	2022-02-21 12:53:47 +0100
commit	f3722e2c7e27131be8395dedc9fcbb6a73cda80d (patch)
tree	f363e44b32191779ba19b5b648362281dc89e1ae
parent	Allow all users and groups to read/write files (POSIX) (diff)
download	zen-f3722e2c7e27131be8395dedc9fcbb6a73cda80d.tar.xz zen-f3722e2c7e27131be8395dedc9fcbb6a73cda80d.zip