Test using umask instead of chmod to secure backup files

Authored by nalvarez on Apr 23 2019, 8:29 PM.

Description

Test using umask instead of chmod to secure backup files

Currently we create backup files and then run chmod -R 0700 so they aren't
readable by other local users. However, this keeps the files readable
while the backup script is running and didn't chmod yet, and makes files
executable, which they shouldn't be.

This change (only on fiesta for now) uses umask 0077 instead, so the files
are created directly without the read bit for 'group' and 'other'.

Details

Committed
nalvarezApr 23 2019, 8:29 PM
Parents
R897:032639c2294f: Add monitoring to fiesta
Branches
Unknown
Tags
Unknown