From 8b918804fc18c310e6a44b5da0dc42a7ca324bbd Mon Sep 17 00:00:00 2001
From: ramikg <72725910+ramikg@users.noreply.github.com>
Date: Tue, 6 Jun 2023 15:19:39 +0300
Subject: [PATCH] Avoid creating unnecessarily executable files

---
 internal/ingress/controller/checker_test.go | 2 +-
 pkg/util/file/filesystem.go | 9 +++++++--
 pkg/util/file/structure.go | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/internal/ingress/controller/checker_test.go b/internal/ingress/controller/checker_test.go
index a0d2baafa..848b4ecb6 100644
--- a/internal/ingress/controller/checker_test.go
+++ b/internal/ingress/controller/checker_test.go
@@ -76,7 +76,7 @@ func TestNginxCheck(t *testing.T) {
 })
 
 // create pid file
- os.MkdirAll("/tmp/nginx", file.ReadWriteByUser)
+ os.MkdirAll("/tmp/nginx", file.ReadWriteExecuteByUser)
 pidFile, err := os.Create(nginx.PID)
 if err != nil {
 t.Fatalf("unexpected error: %v", err)
diff --git a/pkg/util/file/filesystem.go b/pkg/util/file/filesystem.go
index 7c0db9f12..b75e48f0d 100644
--- a/pkg/util/file/filesystem.go
+++ b/pkg/util/file/filesystem.go
@@ -16,5 +16,10 @@ limitations under the License.
 
 package file
 
-// ReadWriteByUser defines linux permission to read and write files for the owner user
-const ReadWriteByUser = 0700
+import "syscall"
+
+// Linux read/write/execute file permissions for the owner user
+const (
+ ReadWriteByUser = syscall.S_IRUSR | syscall.S_IWUSR
+ ReadWriteExecuteByUser = syscall.S_IRWXU
+)
diff --git a/pkg/util/file/structure.go b/pkg/util/file/structure.go
index d109e8c03..67eef6bfa 100644
--- a/pkg/util/file/structure.go
+++ b/pkg/util/file/structure.go
@@ -47,7 +47,7 @@ func CreateRequiredDirectories() error {
 _, err := os.Stat(directory)
 if err != nil {
 if os.IsNotExist(err) {
- err = os.MkdirAll(directory, ReadWriteByUser)
+ err = os.MkdirAll(directory, ReadWriteExecuteByUser)
 if err != nil {
 return fmt.Errorf("creating directory %s: %w", directory, err)
 }
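Review bot: `ReadWriteByUser` keeps its name in filesystem.go while its value drops from 0700 to 0600, so any caller outside this patch that still passes it to `os.Mkdir` or `os.MkdirAll` will now create directories the owner cannot enter. Only the two directory call sites in checker_test.go and structure.go are visibly migrated to `ReadWriteExecuteByUser`, so a repository-wide search for the old constant belongs in this change. The grouped comment also leaves each exported constant undocumented; I would give each its own line, for example `// ReadWriteByUser is mode 0600 (owner read/write), for regular files.` and `// ReadWriteExecuteByUser is mode 0700 (owner read/write/search), for directories.` The `syscall.S_*` names are platform-dependent and may not all exist on every GOOS, so plain literals such as `ReadWriteByUser = 0600` would state the same modes without that coupling.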
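Review bot: In `CreateRequiredDirectories`, the visible lines only act when `os.Stat` reports that the path is missing, so a path that already exists is apparently accepted without checking that it is a directory or that its mode is still owner-only. The loop header and the rest of the body are outside the hunk, so this may be handled elsewhere. `os.MkdirAll` already returns nil for an existing directory and an error when the path is a non-directory, so the Stat pre-check could be replaced by `if err := os.MkdirAll(directory, ReadWriteExecuteByUser); err != nil { return fmt.Errorf("creating directory %s: %w", directory, err) }`, which also removes the gap between the check and the create. The mode passed here is still filtered by the process umask, which deserves a short comment next to the call, such as `// effective mode is ReadWriteExecuteByUser &^ umask`.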