authorLudovic Courtès <ludo@gnu.org>2013-10-10 21:32:27 +0200
committerLudovic Courtès <ludo@gnu.org>2013-10-10 21:43:14 +0200
commitb49632e79383ea91eaacfaf6fca388942f8e2cde (patch)
tree87ef1ad5865749c081a3a6cbd6632204b55d3a1a
parent66fb2d23a36f8e18464455ac1242ebbb0f0a7227 (diff)
downloadguix-b49632e79383ea91eaacfaf6fca388942f8e2cde.tar.gz
daemon: Set the umask to 022 when starting.
* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
-rw-r--r--nix/nix-daemon/guix-daemon.cc6
-rw-r--r--test-env.in4
2 files changed, 6 insertions, 4 deletions
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index e2c30e75a8..4f9fa4c525 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -29,6 +29,7 @@
 #include <argp.h>
 #include <unistd.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <exception>
 
 /* Variables used by `nix-daemon.cc'.  */
@@ -194,6 +195,11 @@ main (int argc, char *argv[])
       exit (EXIT_FAILURE);
     }
 
+  /* Set the umask so that the daemon does not end up creating group-writable
+     files, which would lead to "suspicious ownership or permission" errors.
+     See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.  */
+  umask (S_IWGRP | S_IWOTH);
+
 #ifdef HAVE_CHROOT
   settings.useChroot = true;
 #else
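Review bot: The added `umask (S_IWGRP | S_IWOTH);` in main replaces the inherited mask instead of tightening it, so a daemon started under a stricter umask such as 077 will now create group- and world-readable files. The comment explains only the group-writable case and does not say that loosening a stricter mask is accepted. If that is intended, extend the comment with something like `This replaces any inherited umask, even a stricter one, and the new mask is inherited by every process the daemon spawns.` Whether anything earlier in main creates files before this call cannot be seen here, since main's body starts and ends outside the hunk.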
diff --git a/test-env.in b/test-env.in
index ed31f88141..9224a80537 100644
--- a/test-env.in
+++ b/test-env.in
@@ -56,10 +56,6 @@ then
     # Do that because store.scm calls `canonicalize-path' on it.
     mkdir -p "$NIX_STORE_DIR"
 
-    # Set the umask to avoid "suspicious ownership or permission" errors.
-    # See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
-    umask 0022
-
     # Launch the daemon without chroot support because is may be
     # unavailable, for instance if we're not running as root.
     "@abs_top_builddir@/pre-inst-env"				\