
I install files using standard POSIX utilities cp, install, sed, sh.

It is possible to fix any permission with chmod / chown / chgrp but it is dangerous to temporarily expose sensitive data and fix it later.

The "standard" way to deal with the problem is to use install -m MODE -u USER -g GRP.

What if I need to process a file with a "dumb" utility (like grep / sed / awk / sh)? How can I prevent a data leak from such tools? By using umask 777?

I consider the following dangerous:

base64 -d secret.txt >/etc/app.key
sed -e '/^#.*/d' </etc/default/app.cfg >/etc/app.cfg

because file content might be accessible to other users if umask is too open. Also I have to "fix" user/group after redirections...

PS Seems install is not in POSIX... https://pubs.opengroup.org/onlinepubs/9699919799/utilities/contents.html

Also GNU install doesn't read from a pipe, so the following trick is impossible:

sed ... < $SRC | install -m MODE -u USER -g GRP - $DEST

Some shells allow process substitution (<(cmd) syntax) or one might create a named pipe as a workaround...

gavenkoa
  • 1
    this might be one for the sister site https://unix.stackexchange.com – simbo1905 Jan 03 '21 at 17:32
  • 2
    Just a home user here, but I'd use superuser privileges to install an empty file at the destination, perform the necessary chown/chgrp/chmod commands while there is no sensitive data in the file, then write the file as desired. Only users/groups with write access can update the file, and only those with read access can see the contents. If you have a group of, say, 20 files that all need the same permissions (e.g. all 0700 perms, even if owner/group is different), that's where the umask command would be particularly useful, allowing you to use 1 umask invocation instead of 20 chmod invocations – MemReflect Jan 03 '21 at 21:17

1 Answer

After reading POSIX I see that there is no guarantee for mkdir, cp and other tools to respect umask. Actually umask is a process property and is handled by the kernel/syscalls.

I'd better use non-standard GNU install with -m MODE (-u, -g).

For dumb tools GNU Bash with process substitution would be handy:

install -m 0700 <(sed ... $SRC) $DST

But I'm not sure of FIFO permissions...

gavenkoa
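An added example, not part of the original question or answer: a POSIX sh helper (the name secure_filter and its argument order are hypothetical) that combines the ideas in this thread. It sets a tight umask inside a subshell, fixes ownership while the temporary file is still empty, and renames the finished file into place, so the filter's output is never readable under a wider mode than requested.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: secure_filter MODE OWNER[:GROUP]|- SRC DST CMD [ARGS...]
#   e.g. secure_filter 0600 - /etc/default/app.cfg /etc/app.cfg sed -e '/^#.*/d'
# Runs CMD with stdin from SRC; output reaches DST only through a private temp file.
secure_filter() {
    (
        mode=$1 owner=$2 src=$3 dst=$4
        shift 4
        umask 077                  # umask is per-process; the subshell keeps it from leaking to the caller
        tmp=$dst.tmp.$$            # same directory as DST, so the final mv is a rename
        set -C                     # noclobber: '>' fails instead of reusing an existing file
        : > "$tmp" || exit 1       # created empty with mode 0600 (0666 & ~077)
        set +C
        trap 'rm -f "$tmp"' EXIT   # a failed run leaves no partial secret behind
        # Ownership is changed while the file is still empty (needs privilege); '-' skips it.
        [ "$owner" = - ] || chown "$owner" "$tmp" || exit 1
        # Explicit '|| exit' is used because 'set -e' is ignored when the
        # caller tests this function with 'if' or '||'.
        "$@" < "$src" > "$tmp" || exit 1
        # The final mode is applied before the name DST ever refers to the content.
        chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"
    )
}
```

The same helper covers the base64 case from the question by passing `base64 -d` as CMD, since the tool only needs to read stdin and write stdout.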