[pacman-dev] [PATCH] pacman-db-upgrade: set umask 022

Peter Wu peter at lekensteyn.nl
Sat Dec 20 10:58:09 UTC 2014

This prevents the database from becoming inaccessible for non-root
users when the script was executed with a umask of 027.

Signed-off-by: Peter Wu <peter at lekensteyn.nl>

It would probably be a good idea to set umask 022 for
/var/cache/pacman/archives/ as well, but that is not as severe as this issue.

If there are people who actually use 'umask 027' to make their packages
unreadable, what about a global Umask setting in pacman.conf (defaulting to

Kind regards,
 scripts/pacman-db-upgrade.sh.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/pacman-db-upgrade.sh.in b/scripts/pacman-db-upgrade.sh.in
index 7bb277b..e2bb290 100644
--- a/scripts/pacman-db-upgrade.sh.in
+++ b/scripts/pacman-db-upgrade.sh.in
@@ -19,6 +19,9 @@
 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# Avoid creating world-unreadable files
+umask 022
 # gettext initialization
 export TEXTDOMAIN='pacman-scripts'
 export TEXTDOMAINDIR='@localedir@'
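
Review bot: The `umask 022` placed at the top of the script, ahead of the gettext initialization, takes effect for everything the script creates from that point on, not just the database files, and it has no effect on files that already exist. The comment "Avoid creating world-unreadable files" would be more useful if it named the actual goal from the commit message (keeping the database accessible to non-root users), so a later reader knows why the caller's umask is overridden here. It is also worth stating in the commit message that a database already written under umask 027 stays inaccessible after this change until its modes are corrected separately, since umask only influences newly created files.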
