aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEugene Grosbein <eugen@FreeBSD.org>2022-08-28 05:45:23 +0000
committerEugene Grosbein <eugen@FreeBSD.org>2023-12-02 08:15:52 +0000
commit2d6a03dd43c758cdd7c7dd9590459d1aa77d4333 (patch)
tree991a79196a30a6998296a01a72271d0a755ec72f
parented36613e65ab59ba8e9c2ca73ca8188457b51d01 (diff)
downloadsrc-2d6a03dd43c7.tar.gz
src-2d6a03dd43c7.zip
rc.conf(5): add <service>_umask to run the service using this value
None of tools working with login classes change umask(1) and we had no ways to specify non-default umask for a service not touching its startup script. This change makes in possible. Some file-sharing services that create new files may benefit from it. Differential: https://reviews.freebsd.org/D36309 (cherry picked from commit 160a2f2cdda806e104c0d3194bfb84b208ad1ae8)
-rw-r--r--libexec/rc/rc.subr10
-rw-r--r--share/man/man5/rc.conf.58
2 files changed, 16 insertions, 2 deletions
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2f9ce7f54bef..04b30cac40a7 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -790,6 +790,8 @@ startmsg()
#
# ${name}_oomprotect n Don't kill ${command} when swap space is exhausted.
#
+# ${name}_umask n The file creation mask to run ${command} with.
+#
# ${name}_user n User to run ${command} as, using su(1) if not
# using ${name}_chroot.
# Requires /usr to be mounted.
@@ -990,7 +992,8 @@ run_rc_command()
_fib=\$${name}_fib _env=\$${name}_env \
_prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \
_limits=\$${name}_limits _oomprotect=\$${name}_oomprotect \
- _setup=\$${name}_setup _env_file=\$${name}_env_file
+ _setup=\$${name}_setup _env_file=\$${name}_env_file \
+ _umask=\$${name}_umask
if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file
set -a
@@ -1352,9 +1355,14 @@ _run_rc_postcmd()
_run_rc_doit()
{
+ local _m
+
debug "run_rc_command: doit: $*"
+ _m=$(umask)
+ ${_umask:+umask ${_umask}}
eval "$@"
_return=$?
+ umask ${_m}
# If command failed and force isn't set, request exit.
if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 666ccbbc6b6e..8f105e679b55 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd September 18, 2023
+.Dd December 2, 2023
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -237,6 +237,11 @@ such as PostgreSQL will not inherit the OOM killer protection.
.Pp
This variable has no effect on services running within a
.Xr jail 8 .
+.It Ao Ar name Ac Ns Va _umask
+.Pq Vt int
+Run the service using this
+.Xr umask 1
+value.
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
@@ -4730,6 +4735,7 @@ The default is 10.
.Xr limits 1 ,
.Xr protect 1 ,
.Xr sh 1 ,
+.Xr umask 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,