Use 0o666 permissions for flock files instead of 0o777 (#16845)

This removes executable permissions while retaining global read / global write. It's been suggested we should use 0o644 instead, dropping the global write permissions (i.e., just the owner can write), but since we're taking an exclusive lock I don't think that would work and we'd regress the issue that was solved by updating the permissions. I think we'll need to revisit the locking scheme if that's the goal, but regardless, this seems like a net improvement.
2025-12-01 12:09:43 -06:00 · 2025-12-01 12:09:43 -06:00 · 082be90177
parent fbf925ee63
commit 082be90177
1 changed files with 2 additions and 2 deletions
--- a/crates/uv-fs/src/lib.rs
+++ b/crates/uv-fs/src/lib.rs
@ -825,7 +825,7 @@ impl LockedFile {
            return Ok(file);
        }

-        // Otherwise, create a temporary file with 777 permissions. We must set
+        // Otherwise, create a temporary file with 666 permissions. We must set
        // permissions _after_ creating the file, to override the `umask`.
        let file = if let Some(parent) = path.as_ref().parent() {
            NamedTempFile::new_in(parent)?
@ -834,7 +834,7 @@ impl LockedFile {
        };
        if let Err(err) = file
            .as_file()
-            .set_permissions(std::fs::Permissions::from_mode(0o777))
+            .set_permissions(std::fs::Permissions::from_mode(0o666))
        {
            warn!("Failed to set permissions on temporary file: {err}");
        }