Allow custom umask setting #963

New Issue

MrUnknownDE · 2026-04-06T01:19:43+02:00

MrUnknownDE commented

2026-04-06 01:19:43 +02:00

Originally created by @BlackDex on 8/26/2024

To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom UMASK variable.

This allows people to set a more secure default like only allowing the owner the the process/container to read/write files and folders.

Examples:

UMASK=022 File: 644 | Folder: 755 (Default of the containers)
This means Owner read/write and group/world read-only
UMASK=027 File: 640 | Folder: 750
This means Owner read/write, group read-only, world no access
UMASK=077 File: 600 | Folder: 700
This means Owner read/write and group/world no access

resolves #4571

*Originally created by @BlackDex on 8/26/2024* To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom `UMASK` variable. This allows people to set a more secure default like only allowing the owner the the process/container to read/write files and folders. Examples: - `UMASK=022` File: 644 | Folder: 755 (Default of the containers) This means Owner read/write and group/world read-only - `UMASK=027` File: 640 | Folder: 750 This means Owner read/write, group read-only, world no access - `UMASK=077` File: 600 | Folder: 700 This means Owner read/write and group/world no access resolves #4571

MrUnknownDE closed this issue

2026-04-06 01:19:44 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#963