Python
/
uv
mirror of https://github.com/astral-sh/uv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use 0o666 permissions for flock files instead of 0o777 (#16845) 

This removes executable permissions while retaining global read / global
write.

It's been suggested we should use 0o644 instead, dropping the global
write permissions (i.e., just the owner can write), but since we're
taking an exclusive lock I don't think that would work and we'd regress
the issue that was solved by updating the permissions. I think we'll
need to revisit the locking scheme if that's the goal, but regardless,
this seems like a net improvement.
This commit is contained in:
Zanie Blue 2025-12-01 12:09:43 -06:00 committed by GitHub
parent fbf925ee63
commit 082be90177
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crates/uv-fs/src/lib.rs
View File

@ -825,7 +825,7 @@ impl LockedFile {
return Ok(file); return Ok(file);
} }
// Otherwise, create a temporary file with 777 permissions. We must set // Otherwise, create a temporary file with 666 permissions. We must set
// permissions _after_ creating the file, to override the `umask`. // permissions _after_ creating the file, to override the `umask`.
let file = if let Some(parent) = path.as_ref().parent() { let file = if let Some(parent) = path.as_ref().parent() {
NamedTempFile::new_in(parent)? NamedTempFile::new_in(parent)?
@ -834,7 +834,7 @@ impl LockedFile {
}; };
if let Err(err) = file if let Err(err) = file
.as_file() .as_file()
.set_permissions(std::fs::Permissions::from_mode(0o777)) .set_permissions(std::fs::Permissions::from_mode(0o666))
{ {
warn!("Failed to set permissions on temporary file: {err}"); warn!("Failed to set permissions on temporary file: {err}");
} }