From c1d8cd03137d8c678dbfaf92ba3dd604f4fcc65f Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Fri, 29 Aug 2025 12:59:01 +0200 Subject: [PATCH] Atomic permissions during file copy Temporary file is now set to promised permissions before replacing it with original during remote copy from. Ticket: ENT-13163 Changelog: Commit Signed-off-by: Lars Erik Wik --- cf-agent/verify_files_utils.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cf-agent/verify_files_utils.c b/cf-agent/verify_files_utils.c index d8c58fb136..353d7c4cc1 100644 --- a/cf-agent/verify_files_utils.c +++ b/cf-agent/verify_files_utils.c @@ -71,6 +71,7 @@ #include #include +#include "cf3.defs.h" #define CF_RECURSION_LIMIT 100 @@ -1570,6 +1571,13 @@ bool CopyRegularFile(EvalContext *ctx, const char *source, const char *dest, con } mode &= 0777; /* Never preserve SUID bit */ + /* If perms are promised for this file, use those instead */ + if ((attr->perms.plus != CF_SAMEMODE) && (attr->perms.minus != CF_SAMEMODE)) + { + mode |= attr->perms.plus; + mode &= ~(attr->perms.minus); + } + if (!CopyRegularFileNet(source, dest, ToChangesPath(new), sstat->st_size, attr->copy.encrypt, conn, mode)) {