From 5dcba2f89fa5a20c6535e15f859aaef466ce4b90 Mon Sep 17 00:00:00 2001 From: Henrik Lissner Date: Fri, 1 Nov 2024 03:31:30 -0400 Subject: [PATCH] fix: permissions for local dirs This prevents edge cases where these directories are created with permissions that prevent Emacs from writing to them. This can happy either due to an overly-restrictive default umask, `set-default-file-modes` call, or if `doom-profiles-save` is instructed to write a file whose parent doesn't exist yet. Fix: #8134 --- lisp/doom-cli.el | 11 ++++++----- lisp/doom-profiles.el | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lisp/doom-cli.el b/lisp/doom-cli.el index 54ddf4baa..1a22fafa1 100644 --- a/lisp/doom-cli.el +++ b/lisp/doom-cli.el @@ -19,11 +19,12 @@ ;; REVIEW: Remove these later. The endpoints should be responsibile for ;; ensuring they exist. For now, they exist to quell file errors. -(mapc (doom-rpartial #'make-directory 'parents) - (list doom-local-dir - doom-data-dir - doom-cache-dir - doom-state-dir)) +(with-file-modes #o700 + (mapc (doom-rpartial #'make-directory 'parents) + (list doom-local-dir + doom-data-dir + doom-cache-dir + doom-state-dir))) ;; HACK: bin/doom suppresses loading of site files so they can be loaded ;; manually, here. Why? To suppress the otherwise unavoidable output they diff --git a/lisp/doom-profiles.el b/lisp/doom-profiles.el index 47b09de64..4e3e8816d 100644 --- a/lisp/doom-profiles.el +++ b/lisp/doom-profiles.el @@ -243,7 +243,7 @@ caches them in `doom--profiles'. If RELOAD? is non-nil, refresh the cache." ;; `user-emacs-directory' requires that it end in a directory ;; separator, but users may forget this in their profile configs. (setq user-emacs-directory (file-name-as-directory user-emacs-directory)))) - :mode #o600 + :mode (cons #o600 #o700) :printfn #'pp) (print-group! (or (let ((byte-compile-warnings (if init-file-debug byte-compile-warnings))