Process umask shouldn't allow world-readable files

This ensures that image cache files and file-backed images are not world-readable. Fix LP bug 1031796 Change-Id: I85a26b4e645e7cb32e17164e47fad62f4c44976a
openstack · Aug 1, 2012 · e7919a2 · e7919a2
1 parent eeedad3
commit e7919a2
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/glance/common/wsgi.py b/glance/common/wsgi.py
@@ -169,6 +169,7 @@ def hup(*args):
         self.application = application
         self.sock = get_socket(default_port)
 
+        os.umask(027)  # ensure files are created with the correct privileges
         self.logger = os_logging.getLogger('eventlet.wsgi.server')
 
         if CONF.workers == 0: