Skip to content

v1.2.1

Choose a tag to compare

View all tags
@nopoz nopoz released this 30 May 01:29
· 9 commits to main since this release
v1.2.1
3ef0cb8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Fixes

Export file modes now enforced with chmod, not just umask

PORTAINER_BACKUP_UMASK (v1.2.0) had no effect on filesystems with inherited ACLs, most notably Synology shared folders, which stamp an ACL on every newly created file that overrides the process umask. Exports there landed world-readable (755), including .env and stack metadata. Truncating writes also preserve an existing file's mode, so re-exports never tightened a pre-existing tree.

export now derives the file/dir modes from the umask and chmods the whole backup tree at the end of every run. chmod sticks where umask does not, so secrets end up owner-only (600, dirs 700 by default) on every run and on every filesystem. Verified on a live Synology DSM volume.

Full changelog: v1.2.0...v1.2.1

Assets 2
Loading