File: perm.go

package info (click to toggle)
gitlab-shell 14.35.0%2Bds1-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 23,652 kB
  • sloc: ruby: 1,129; makefile: 583; sql: 391; sh: 384
file content (73 lines) | stat: -rw-r--r-- 2,261 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
// Package perm provides constants for file and directory permissions.
//
// Note that these permissions are further restricted by the system configured
// umask.
package perm

import (
	"io/fs"
	"syscall"
)

const (
	// PrivateDir is the permissions given for a directory that must only be
	// used by gitaly.
	PrivateDir fs.FileMode = 0o700

	// GroupPrivateDir is the permissions given for a directory that must only
	// be used by gitaly and the git group.
	GroupPrivateDir fs.FileMode = 0o770

	// SharedDir is the permission given for a directory that may be read
	// outside of gitaly.
	SharedDir fs.FileMode = 0o755

	// PublicDir is the permission given for a directory that may be read or
	// written outside of gitaly.
	PublicDir fs.FileMode = 0o777

	// PrivateWriteOnceFile is the most restrictive file permission. Given to
	// files that are expected to be written only once and must be read only by
	// gitaly.
	PrivateWriteOnceFile fs.FileMode = 0o400

	// PrivateFile is the permissions given for a file that must only be used
	// by gitaly.
	PrivateFile fs.FileMode = 0o600

	// SharedFile is the permission given for a file that may be read outside
	// of gitaly.
	SharedFile fs.FileMode = 0o644

	// SharedReadOnlyFile is the permission given for a read only file that may also
	// be read outside of Gitaly.
	SharedReadOnlyFile fs.FileMode = 0o444

	// PublicFile is the permission given for a file that may be read or
	// written outside of gitaly.
	PublicFile fs.FileMode = 0o666

	// PrivateExecutable is the permissions given for an executable that must
	// only be used by gitaly.
	PrivateExecutable fs.FileMode = 0o700

	// SharedExecutable is the permission given for an executable that may be
	// executed outside of gitaly.
	SharedExecutable fs.FileMode = 0o755
)

// Umask represents a umask that is used to mask mode bits.
type Umask int

// Mask applies the mask on the mode.
func (mask Umask) Mask(mode fs.FileMode) fs.FileMode {
	return mode & ^fs.FileMode(mask)
}

// GetUmask gets the currently set umask. Not safe to call concurrently with other
// file operations as it has to set the Umask to get the old value.
func GetUmask() Umask {
	umask := syscall.Umask(0)
	syscall.Umask(umask)
	return Umask(fs.FileMode(umask))
}