rc.conf(5): add <service>_umask to run the service using this value

None of tools working with login classes change umask(1) and we had no ways to specify non-default umask for a service not touching its startup script. This change makes in possible. Some file-sharing services that create new files may benefit from it. Differential: https://reviews.freebsd.org/D36309 (cherry picked from commit 160a2f2cdd)
2024-11-30 04:22:44 +00:00 · 2022-08-28 12:45:23 +07:00 · 2022-08-28 12:45:23 +07:00 · 2e6541b943
commit 2e6541b943
parent b1e0b0cb7c
2 changed files with 16 additions and 2 deletions
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@ -770,6 +770,8 @@ check_startmsgs()
 #
 #	${name}_oomprotect n	Don't kill ${command} when swap space is exhausted.
 #
+#	${name}_umask	n	The file creation mask to run ${command} with.
+#
 #	${name}_user	n	User to run ${command} as, using su(1) if not
 #				using ${name}_chroot.
 #				Requires /usr to be mounted.
@ -970,7 +972,8 @@ run_rc_command()
 	    _fib=\$${name}_fib		_env=\$${name}_env \
 	    _prepend=\$${name}_prepend	_login_class=\${${name}_login_class:-daemon} \
 	    _limits=\$${name}_limits	_oomprotect=\$${name}_oomprotect \
-	    _setup=\$${name}_setup	_env_file=\$${name}_env_file
+	    _setup=\$${name}_setup	_env_file=\$${name}_env_file \
+	    _umask=\$${name}_umask

 	if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then	# load env from file
 		set -a
@ -1331,9 +1334,14 @@ _run_rc_postcmd()

 _run_rc_doit()
 {
+	local _m
+
 	debug "run_rc_command: doit: $*"
+	_m=$(umask)
+	${_umask:+umask ${_umask}}
 	eval "$@"
 	_return=$?
+	umask ${_m}

 	# If command failed and force isn't set, request exit.
 	if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 7, 2022
+.Dd August 28, 2022
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@ -234,6 +234,11 @@ such as PostgreSQL will not inherit the OOM killer protection.
 .Pp
 This variable has no effect on services running within a
 .Xr jail 8 .
+.It Ao Ar name Ac Ns Va _umask
+.Pq Vt int
+Run the service using this
+.Xr umask 1
+value.
 .It Ao Ar name Ac Ns Va _user
 .Pq Vt str
 Run the service under this user account.
@ -4672,6 +4677,7 @@ files.
 .Xr limits 1 ,
 .Xr protect 1 ,
 .Xr sh 1 ,
+.Xr umask 1 ,
 .Xr vi 1 ,
 .Xr vidcontrol 1 ,
 .Xr bridge 4 ,