Set permissions of the restore --to dir more securely

author: Lars Wirzenius <liw@liw.fi> 2014-05-08 09:54:23 +0100
committer: Lars Wirzenius <liw@liw.fi> 2014-05-08 09:54:23 +0100
commit: 35520c17c51bd9ae7327a5f3a4837b582975610d (patch)
tree: 09451d92992d65116c3692068e897ff5f5988e43 /obnamlib/plugins/restore_plugin.py
parent: 44e30ea1a5301d7d3724cd6f6c6729415c51faaa (diff)
download: obnam-35520c17c51bd9ae7327a5f3a4837b582975610d.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/obnamlib/plugins/restore_plugin.py b/obnamlib/plugins/restore_plugin.py
index 22162685..0eb580ab 100644
--- a/obnamlib/plugins/restore_plugin.py
+++ b/obnamlib/plugins/restore_plugin.py
@@ -134,6 +134,14 @@ class RestorePlugin(obnamlib.ObnamPlugin):
         if self.write_ok:
             self.fs = self.app.fsf.new(self.app.settings['to'], create=True)
             self.fs.connect()
+
+            # Set permissions on this directory to be quite
+            # restrictive, so that nobody else can access the files
+            # while the restore is happening. The directory named by
+            # --to is set to have the permissions of the filesystem
+            # root directory (/) in the backup as the final step, so
+            # the permissions will eventually be correct.
+            self.fs.chmod_not_symlink('.', 0700)
         else:
             self.fs = None # this will trigger error if we try to really write
author	Lars Wirzenius <liw@liw.fi>	2014-05-08 09:54:23 +0100
committer	Lars Wirzenius <liw@liw.fi>	2014-05-08 09:54:23 +0100
commit	35520c17c51bd9ae7327a5f3a4837b582975610d (patch)
tree	09451d92992d65116c3692068e897ff5f5988e43 /obnamlib/plugins/restore_plugin.py
parent	44e30ea1a5301d7d3724cd6f6c6729415c51faaa (diff)
download	obnam-35520c17c51bd9ae7327a5f3a4837b582975610d.tar.gz