File permissions are lost whenever a journal file is written to
When creating the temporary files to write new changes, no attention seems to be paid to properly re-creating the permissions of the old file. And once the temp file is moved over, those permissions are gone.
Can you just rely on directory permissions instead?
On Windows, maybe. But on *nix, permissions don't inherit like that.
The files are created with mode 0o700. No matter what the directory permissions are, the group won't be able to read or write to that file.
And while a workaround is to change the umask, that's for the whole process and the same for all files. I'd rather be able to keep the (potentially different) permissions of each individual file.
Just ran into this. I am running beancount-import as a dedicated user _falsifian_beancount (hoping to gain a bit of security), and was surprised to find my .beancount files change to owner: _falsifian_beancount, mode: 600. My umask is 022 so I would expect the mode of new files to be 644 by default.
Possibly related to https://github.com/untitaker/python-atomicwrites/issues/42
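The write-to-temp-then-rename pattern discussed in this thread, next to a variant that copies the old file's permission bits onto the temp file before the rename. This is an added example, not code from this thread, beancount-import or python-atomicwrites; the function names and the default_mode parameter are hypothetical, and it assumes a POSIX system.

```python
import os
import stat
import tempfile


def naive_atomic_write(path, data):
    """Temp file renamed over the target; the target's old mode is lost."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:  # mkstemp creates the file with mode 0o600
        f.write(data)
    os.replace(tmp, path)


def atomic_write_preserving_mode(path, data, default_mode=0o644):
    """Atomically replace `path`, keeping the permission bits it had before."""
    directory = os.path.dirname(os.path.abspath(path))
    try:
        # Permission bits of the file about to be replaced.
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        # New file: apply the umask to default_mode, as open() would.
        # Reading the umask this way is not thread-safe.
        umask = os.umask(0)
        os.umask(umask)
        mode = default_mode & ~umask
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            f.flush()
            # Set the mode before the rename so `path` never shows the 0o600
            # temp mode. Ownership is not restored; chown needs privileges.
            os.fchmod(f.fileno(), mode)
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    return mode
```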