diff options
author | Lars Wirzenius <liw@liw.fi> | 2014-05-08 09:54:23 +0100 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2014-05-08 09:54:23 +0100 |
commit | 35520c17c51bd9ae7327a5f3a4837b582975610d (patch) | |
tree | 09451d92992d65116c3692068e897ff5f5988e43 /obnamlib/plugins/restore_plugin.py | |
parent | 44e30ea1a5301d7d3724cd6f6c6729415c51faaa (diff) | |
download | obnam-35520c17c51bd9ae7327a5f3a4837b582975610d.tar.gz |
Set permissions of the restore --to dir more securely
Diffstat (limited to 'obnamlib/plugins/restore_plugin.py')
-rw-r--r-- | obnamlib/plugins/restore_plugin.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/obnamlib/plugins/restore_plugin.py b/obnamlib/plugins/restore_plugin.py index 22162685..0eb580ab 100644 --- a/obnamlib/plugins/restore_plugin.py +++ b/obnamlib/plugins/restore_plugin.py @@ -134,6 +134,14 @@ class RestorePlugin(obnamlib.ObnamPlugin): if self.write_ok: self.fs = self.app.fsf.new(self.app.settings['to'], create=True) self.fs.connect() + + # Set permissions on this directory to be quite + # restrictive, so that nobody else can access the files + # while the restore is happening. The directory named by + # --to is set to have the permissions of the filesystem + # root directory (/) in the backup as the final step, so + # the permissions will eventually be correct. + self.fs.chmod_not_symlink('.', 0700) else: self.fs = None # this will trigger error if we try to really write |