Change permissions on backup files

Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files.
author: Vinnie Okada <vokada@mrvinn.com> 2015-03-15 12:54:36 -0600
committer: Vinnie Okada <vokada@mrvinn.com> 2015-03-15 13:14:30 -0600
commit: 8587a2937020eca2fda3efbcf31862697e7f5b3f (patch)
tree: 3bce665b790723c778e2e33f48f85e7026d314e2 /lib/backup
parent: aea75cfb0ac7b373bacdee17ee9e8c1314c3b676 (diff)
download: gitlab-ce-8587a2937020eca2fda3efbcf31862697e7f5b3f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index ab8db4e9837..b499e5755bd 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -17,14 +17,18 @@ module Backup
         file << s.to_yaml.gsub(/^---\n/,'')
       end
 
+      FileUtils.chmod_R(0700, %w{db uploads repositories})
+
       # create archive
       $progress.print "Creating backup archive: #{tar_file} ... "
+      orig_umask = File.umask(0077)
       if Kernel.system('tar', '-cf', tar_file, *BACKUP_CONTENTS)
         $progress.puts "done".green
       else
         puts "creating archive #{tar_file} failed".red
         abort 'Backup failed'
       end
+      File.umask(orig_umask)
 
       upload(tar_file)
     end
author	Vinnie Okada <vokada@mrvinn.com>	2015-03-15 12:54:36 -0600
committer	Vinnie Okada <vokada@mrvinn.com>	2015-03-15 13:14:30 -0600
commit	8587a2937020eca2fda3efbcf31862697e7f5b3f (patch)
tree	3bce665b790723c778e2e33f48f85e7026d314e2 /lib/backup
parent	aea75cfb0ac7b373bacdee17ee9e8c1314c3b676 (diff)
download	gitlab-ce-8587a2937020eca2fda3efbcf31862697e7f5b3f.tar.gz