On Fri, Apr 18, 2014 at 12:01:15AM -0400, Joey Hess wrote:
> Imagine obnam restore running on a live system. Perhaps root is
> kindly restoring to /home/user/deleted-files-restored-from-yesterday/
> on a multi-user system, where /home/user does not have locked down
> permissions, so other users can cd to that directory.
>
> It looks to me like obnam restores each file by
>
> 1. opening a new file, using the default umask
> 2. writing the file's content
> 3. restoring the file owner's and permissions
Yeah, this happens. Thank you for reporting.
First, the workaround: create a directory, chmod 0700 it, then restore
to a subdirectory of that:
mkdir -m 0700 /some/path
obnam restore --to /some/path/restored
Note that the restore needs to go to a subdirectory of /some/path, not
/some/path directly, just to be extra safe.
I'm proposing to fix this by making Obnam create restored files with
minimal permissions (0300 for directories, 0200 for everything else),
until the data has been restored, and setting the right permissions
afterwards. Does that seem correct to you, Joey?
--
http://www.cafepress.com/trunktees -- geeky funny T-shirts
http://gtdfh.branchable.com/ -- GTD for hackers
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
