From 082be9017731fd81f546c36122be61669c0eff0c Mon Sep 17 00:00:00 2001
From: Zanie Blue <contact@zanie.dev>
Date: Mon, 1 Dec 2025 12:09:43 -0600
Subject: [PATCH] Use 0o666 permissions for flock files instead of 0o777
 (#16845)

This removes executable permissions while retaining global read / global
write.

It's been suggested we should use 0o644 instead, dropping the global
write permissions (i.e., just the owner can write), but since we're
taking an exclusive lock I don't think that would work and we'd regress
the issue that was solved by updating the permissions. I think we'll
need to revisit the locking scheme if that's the goal, but regardless,
this seems like a net improvement.
---
 crates/uv-fs/src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crates/uv-fs/src/lib.rs b/crates/uv-fs/src/lib.rs
index f5ad66cef..dd6748734 100644
--- a/crates/uv-fs/src/lib.rs
+++ b/crates/uv-fs/src/lib.rs
@@ -825,7 +825,7 @@ impl LockedFile {
             return Ok(file);
         }
 
-        // Otherwise, create a temporary file with 777 permissions. We must set
+        // Otherwise, create a temporary file with 666 permissions. We must set
         // permissions _after_ creating the file, to override the `umask`.
         let file = if let Some(parent) = path.as_ref().parent() {
             NamedTempFile::new_in(parent)?
@@ -834,7 +834,7 @@ impl LockedFile {
         };
         if let Err(err) = file
             .as_file()
-            .set_permissions(std::fs::Permissions::from_mode(0o777))
+            .set_permissions(std::fs::Permissions::from_mode(0o666))
         {
             warn!("Failed to set permissions on temporary file: {err}");
         }