git: 2d6a03dd43c7 - stable/13 - rc.conf(5): add <service>_umask to run the service using this value

From: Eugene Grosbein <eugen_at_FreeBSD.org>
Date: Sat, 02 Dec 2023 08:16:10 UTC
The branch stable/13 has been updated by eugen:

URL: https://cgit.FreeBSD.org/src/commit/?id=2d6a03dd43c758cdd7c7dd9590459d1aa77d4333

commit 2d6a03dd43c758cdd7c7dd9590459d1aa77d4333
Author:     Eugene Grosbein <eugen@FreeBSD.org>
AuthorDate: 2022-08-28 05:45:23 +0000
Commit:     Eugene Grosbein <eugen@FreeBSD.org>
CommitDate: 2023-12-02 08:15:52 +0000

    rc.conf(5): add <service>_umask to run the service using this value
    
    None of the tools that work with login classes change the umask(1),
    and we had no way to specify a non-default umask for a service
    without touching its startup script. This change makes it possible.
    
    Some file-sharing services that create new files may benefit from it.
    
    Differential:   https://reviews.freebsd.org/D36309
    
    (cherry picked from commit 160a2f2cdda806e104c0d3194bfb84b208ad1ae8)
---
 libexec/rc/rc.subr       | 10 +++++++++-
 share/man/man5/rc.conf.5 |  8 +++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2f9ce7f54bef..04b30cac40a7 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -790,6 +790,8 @@ startmsg()
 #
 #	${name}_oomprotect n	Don't kill ${command} when swap space is exhausted.
 #
+#	${name}_umask	n	The file creation mask to run ${command} with.
+#
 #	${name}_user	n	User to run ${command} as, using su(1) if not
 #				using ${name}_chroot.
 #				Requires /usr to be mounted.
@@ -990,7 +992,8 @@ run_rc_command()
 	    _fib=\$${name}_fib		_env=\$${name}_env \
 	    _prepend=\$${name}_prepend	_login_class=\${${name}_login_class:-daemon} \
 	    _limits=\$${name}_limits	_oomprotect=\$${name}_oomprotect \
-	    _setup=\$${name}_setup	_env_file=\$${name}_env_file
+	    _setup=\$${name}_setup	_env_file=\$${name}_env_file \
+	    _umask=\$${name}_umask
 
 	if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then	# load env from file
 		set -a
@@ -1352,9 +1355,14 @@ _run_rc_postcmd()
 
 _run_rc_doit()
 {
+	local _m
+
 	debug "run_rc_command: doit: $*"
+	_m=$(umask)
+	${_umask:+umask ${_umask}}
 	eval "$@"
 	_return=$?
+	umask ${_m}
 
 	# If command failed and force isn't set, request exit.
 	if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
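Review bot: The exit status of `${_umask:+umask ${_umask}}` in _run_rc_doit is never checked, so a `${name}_umask` value the shell rejects would presumably leave the inherited mask in place while `eval "$@"` still runs the command. For a service configured with a restrictive mask, that means files are silently created with broader permissions than the administrator asked for. Failing closed would be safer, for example `if [ -n "$_umask" ] && ! umask "$_umask"; then warn "invalid ${name}_umask: $_umask"; return 1; fi` before the eval. The function body continues outside the hunk, so how that failure should reach the caller needs checking against the rest of it. A short comment such as `# restore the rc shell's own mask; doit runs in this shell, not a subshell` above `umask ${_m}` would also explain the save and restore.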
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 666ccbbc6b6e..8f105e679b55 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 18, 2023
+.Dd December 2, 2023
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -237,6 +237,11 @@ such as PostgreSQL will not inherit the OOM killer protection.
 .Pp
 This variable has no effect on services running within a
 .Xr jail 8 .
+.It Ao Ar name Ac Ns Va _umask
+.Pq Vt int
+Run the service using this
+.Xr umask 1
+value.
 .It Ao Ar name Ac Ns Va _user
 .Pq Vt str
 Run the service under this user account.
@@ -4730,6 +4735,7 @@ The default is 10.
 .Xr limits 1 ,
 .Xr protect 1 ,
 .Xr sh 1 ,
+.Xr umask 1 ,
 .Xr vi 1 ,
 .Xr vidcontrol 1 ,
 .Xr bridge 4 ,