I have syncthing installed. But I guess this question can be posed to any daemon running on FreeBSD.
How do we properly set umask for services run on FreeBSD?
I have tried setting it in /etc/login.conf, but that only applies to a shell executed by a user.
A service does not look at login.conf, so I have modified the /etc/local/etc/rc.d/syncthing file to call "umask 022" at precmd.
Code:
#!/bin/sh

# $FreeBSD: head/net/syncthing/files/syncthing.in 470134 2018-05-16 17:26:15Z swills $
#
# PROVIDE: syncthing
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# syncthing_enable (bool):    Set to NO by default.
#                             Set it to YES to enable syncthing.
# syncthing_home (path):      Directory where syncthing configuration
#                             data is stored.
#                             Default: /usr/local/etc/syncthing
# syncthing_log_file (path):  Syncthing log file
#                             Default: /var/log/syncthing.log
# syncthing_user (user):      Set user to run syncthing.
#                             Default is "syncthing".
# syncthing_group (group):    Set group to run syncthing.
#                             Default is "syncthing".

. /etc/rc.subr

name=syncthing
rcvar=syncthing_enable
load_rc_config $name

: ${syncthing_enable:="NO"}
: ${syncthing_home=/usr/local/etc/syncthing}
: ${syncthing_log_file=/var/log/syncthing.log}
: ${syncthing_user:="syncthing"}
: ${syncthing_group=${syncthing_group:-$syncthing_user}}

pidfile=/var/run/syncthing.pid
procname="/usr/local/bin/syncthing"
command="/usr/sbin/daemon"
command_args="-cf -p ${pidfile} ${procname} ${syncthing_home:+-home=${syncthing_home}} ${syncthing_log_file:+-logfile=${syncthing_log_file}} -no-browser ${syncthing_args}"

start_precmd=syncthing_startprecmd

syncthing_startprecmd() {
    umask 002
    echo "umask sorted"
    if [ ! -e ${pidfile} ]; then
        install -o ${syncthing_user} -g ${syncthing_group} /dev/null ${pidfile};
    fi

    if [ ! -d ${syncthing_home} ]; then
        install -d -o ${syncthing_user} -g ${syncthing_group} ${syncthing_home}
    fi

    if [ ! -e ${syncthing_log_file} ]; then
        install -o ${syncthing_user} -g ${syncthing_group} /dev/null ${syncthing_log_file};
    fi
}

run_rc_command "$1"
But unfortunately, files are still being written as 644's by the user "syncthing".
Is there any way we can force a umask on a service daemon?
Thank you.