From b9673e3718ccb81d3eb10119ce3a113d199e2717 Mon Sep 17 00:00:00 2001
From: Charan Kamarapu <kamarapucharan@gmail.com>
Date: Fri, 10 May 2024 17:32:32 +0530
Subject: [PATCH] fix: folder permissions (#1808)

* fix: folder permissions

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>

* fix: folder permissions

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>

* fix: unset umask

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>

* doc: add comment

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>

* doc: add comment

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>

---------

Signed-off-by: charankamarapu <kamarapucharan@gmail.com>
---
 main.go                   | 12 ++++++++++++
 pkg/platform/yaml/yaml.go | 14 ++------------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/main.go b/main.go
index 2656c6a83..c8f62effc 100755
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"syscall"
 
 	"go.keploy.io/server/v2/cli"
 	"go.keploy.io/server/v2/cli/provider"
@@ -65,6 +66,17 @@ func start(ctx context.Context) {
 	}
 	defer utils.DeleteLogs(logger)
 	defer utils.Recover(logger)
+
+	// The 'umask' command is commonly used in various operating systems to regulate the permissions of newly created files.
+	// These 'umask' values subtract from the permissions assigned by the process, effectively lowering the permissions.
+	// For example, if a file is created with permissions '777' and the 'umask' is '022', the resulting permissions will be '755',
+	// reducing certain permissions for security purposes.
+	// Setting 'umask' to '0' ensures that 'keploy' can precisely control the permissions of the files it creates.
+	// However, it's important to note that this approach may not work in scenarios involving mounted volumes,
+	// as the 'umask' is set by the host system, and cannot be overridden by 'keploy' or individual processes.
+	oldMask := syscall.Umask(0)
+	defer syscall.Umask(oldMask)
+
 	configDb := configdb.NewConfigDb(logger)
 	if dsn != "" {
 		utils.SentryInit(logger, dsn)
diff --git a/pkg/platform/yaml/yaml.go b/pkg/platform/yaml/yaml.go
index 0dd89217d..1849526ac 100755
--- a/pkg/platform/yaml/yaml.go
+++ b/pkg/platform/yaml/yaml.go
@@ -63,14 +63,14 @@ func WriteFile(ctx context.Context, logger *zap.Logger, path, fileName string, d
 	if err != nil {
 		return err
 	}
-	flag := os.O_CREATE | os.O_WRONLY | os.O_TRUNC
+	flag := os.O_WRONLY | os.O_TRUNC
 	if isAppend {
 		data := []byte("---\n")
 		if isFileEmpty {
 			data = []byte{}
 		}
 		docData = append(data, docData...)
-		flag = os.O_CREATE | os.O_WRONLY | os.O_APPEND
+		flag = os.O_WRONLY | os.O_APPEND
 	}
 	yamlPath := filepath.Join(path, fileName+".yaml")
 	file, err := os.OpenFile(yamlPath, flag, fs.ModePerm)
@@ -141,11 +141,6 @@ func CreateYamlFile(ctx context.Context, Logger *zap.Logger, path string, fileNa
 				utils.LogError(Logger, err, "failed to create a directory for the yaml file", zap.String("path directory", path), zap.String("yaml", fileName))
 				return false, err
 			}
-			err = os.Chmod(path, 0777)
-			if err != nil {
-				utils.LogError(Logger, err, "failed to set permissions for the directory", zap.String("path directory", path))
-				return false, err
-			}
 			file, err := os.OpenFile(yamlPath, os.O_CREATE, 0777) // Set file permissions to 777
 			if err != nil {
 				utils.LogError(Logger, err, "failed to create a yaml file", zap.String("path directory", path), zap.String("yaml", fileName))
@@ -156,11 +151,6 @@ func CreateYamlFile(ctx context.Context, Logger *zap.Logger, path string, fileNa
 				utils.LogError(Logger, err, "failed to close the yaml file", zap.String("path directory", path), zap.String("yaml", fileName))
 				return false, err
 			}
-			err = os.Chmod(yamlPath, 0777)
-			if err != nil {
-				utils.LogError(Logger, err, "failed to set permissions for the directory", zap.String("path directory", path))
-				return false, err
-			}
 			return true, nil
 		}
 		return false, err