fix: permissions for local dirs

This prevents edge cases where these directories are created with permissions that prevent Emacs from writing to them. This can happy either due to an overly-restrictive default umask, `set-default-file-modes` call, or if `doom-profiles-save` is instructed to write a file whose parent doesn't exist yet. Fix: #8134
2025-08-01 12:17:25 -05:00 · 2024-11-01 03:31:30 -04:00
parent bbf733c5e0
commit 5dcba2f89f
2 changed files with 7 additions and 6 deletions
--- a/lisp/doom-cli.el
+++ b/lisp/doom-cli.el
@ -19,11 +19,12 @@

 ;; REVIEW: Remove these later. The endpoints should be responsibile for
 ;;   ensuring they exist. For now, they exist to quell file errors.
-(mapc (doom-rpartial #'make-directory 'parents)
-      (list doom-local-dir
-            doom-data-dir
-            doom-cache-dir
-            doom-state-dir))
+(with-file-modes #o700
+  (mapc (doom-rpartial #'make-directory 'parents)
+        (list doom-local-dir
+              doom-data-dir
+              doom-cache-dir
+              doom-state-dir)))

 ;; HACK: bin/doom suppresses loading of site files so they can be loaded
 ;;   manually, here. Why? To suppress the otherwise unavoidable output they
--- a/lisp/doom-profiles.el
+++ b/lisp/doom-profiles.el
@ -243,7 +243,7 @@ caches them in `doom--profiles'. If RELOAD? is non-nil, refresh the cache."
            ;; `user-emacs-directory' requires that it end in a directory
            ;; separator, but users may forget this in their profile configs.
            (setq user-emacs-directory (file-name-as-directory user-emacs-directory))))
-   :mode #o600
+   :mode (cons #o600 #o700)
   :printfn #'pp)
  (print-group!
    (or (let ((byte-compile-warnings (if init-file-debug byte-compile-warnings))