agent: Keep some permissions of private-keys-v1.d.

* common/sysutils.c (modestr_to_mode): Re-implement. (gnupg_chmod): Support keeping of permissions. -- GnuPG-bug-id: 2312 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-09-09 20:33:06 +02:00 · 2020-09-09 20:33:06 +02:00 · 7de9ed521e
commit 7de9ed521e
parent 5b6cfef620
2 changed files with 55 additions and 27 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -2314,10 +2314,20 @@ create_private_keys_directory (const char *home)
                   fname, strerror (errno) );
      else if (!opt.quiet)
        log_info (_("directory '%s' created\n"), fname);
+
+      if (gnupg_chmod (fname, "-rwx"))
+        log_error (_("can't set permissions of '%s': %s\n"),
+                   fname, strerror (errno));
+    }
+  else
+    {
+      /* The file exists or another error.  Make sure we have sensible
+       * permissions.  We enforce rwx for user but keep existing group
+       * permissions.  Permissions for other are always cleared.  */
+      if (gnupg_chmod (fname, "-rwx...---"))
+        log_error (_("can't set permissions of '%s': %s\n"),
+                   fname, strerror (errno));
    }
-  if (gnupg_chmod (fname, "-rwx"))
-    log_error (_("can't set permissions of '%s': %s\n"),
-               fname, strerror (errno));
  xfree (fname);
 }