# HG changeset patch # User Matthew Wild # Date 1779985546 -3600 # Node ID a874c3f4570a61db47d7952f33d1ede24de47c26 # Parent 0ff587d7c742dfba0902a29ac18858e762a2b31e util.startup: Always apply umask (thanks Max Hearnden) Commit c673ff1075bd removed mod_posix, and moved functionality into util.startup, including applying a secure umask at runtime. However, the new function was not called from the startup sequence, leading Prosody to run with whatever umask it inherited from the environment. Prosody Debian packages ship with a secure umask 027 in the systemd unit file for the prosody service, so Debian systems using systemd are not affected. prosodyctl calls the switch_user() function during startup, which would set the umask, so prosodyctl commands which created files were unaffected. This change makes both prosody and prosodyctl unconditionally set a secure umask during the startup process. diff -r 0ff587d7c742 -r a874c3f4570a util/startup.lua --- a/util/startup.lua Wed Feb 11 15:36:28 2026 +0000 +++ b/util/startup.lua Thu May 28 17:25:46 2026 +0100 @@ -634,8 +634,6 @@ end end - -- Set our umask to protect data files - pposix.umask(config.get("*", "umask") or "027"); pposix.setenv("HOME", prosody.paths.data); pposix.setenv("PROSODY_CONFIG", prosody.config_file); else @@ -725,9 +723,9 @@ end end -function startup.posix_umask() +function startup.set_umask() if prosody.platform ~= "posix" then return end - local pposix = require "prosody.util.pposix"; + local pposix = check_posix(); local umask = config.get("*", "umask") or "027"; pposix.umask(umask); end @@ -936,6 +934,7 @@ startup.chdir(); startup.read_version(); startup.switch_user(); + startup.set_umask(); startup.check_dependencies(); startup.log_startup_warnings(); startup.check_unwriteable(); @@ -964,6 +963,7 @@ startup.setup_plugin_install_path(); startup.setup_datadir(); startup.chdir(); + startup.set_umask(); startup.add_global_prosody_functions(); startup.read_version(); startup.log_greeting();