netplan: keep custom strict perms when 50-cloud-init.yaml exists

Retain existing config file permissions when those permissions are more strict than the default permissions set on /etc/netplan/50-cloud-init.yaml.
author: Chad Smith <chad.smith@canonical.com> 2023-02-04 13:37:02 -0700
committer: GitHub <noreply@github.com> 2023-02-04 13:37:02 -0700
commit: 483f79cb3b94c8c7d176e748892a040c71132cb3 (patch)
tree: ef38d557d29d04ba3971f59601324de656ae43e9 /cloudinit
parent: 3b8b46926b7ef46ac0ee73d51285dd274906e4f3 (diff)
download: cloud-init-git-483f79cb3b94c8c7d176e748892a040c71132cb3.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py
index e0272a8c..ad586e1e 100644
--- a/cloudinit/net/netplan.py
+++ b/cloudinit/net/netplan.py
@@ -286,6 +286,11 @@ class Renderer(renderer.Renderer):
             header += "\n"
 
         mode = 0o600 if features.NETPLAN_CONFIG_ROOT_READ_ONLY else 0o644
+        if os.path.exists(fpnplan):
+            current_mode = util.get_permissions(fpnplan)
+            if current_mode & mode == current_mode:
+                # preserve mode if existing perms are more strict than default
+                mode = current_mode
         util.write_file(fpnplan, header + content, mode=mode)
 
         if self.clean_default:
author	Chad Smith <chad.smith@canonical.com>	2023-02-04 13:37:02 -0700
committer	GitHub <noreply@github.com>	2023-02-04 13:37:02 -0700
commit	483f79cb3b94c8c7d176e748892a040c71132cb3 (patch)
tree	ef38d557d29d04ba3971f59601324de656ae43e9 /cloudinit
parent	3b8b46926b7ef46ac0ee73d51285dd274906e4f3 (diff)
download	cloud-init-git-483f79cb3b94c8c7d176e748892a040c71132cb3.tar.gz