author | Werner Koch <[email protected]> | 2020-09-09 18:33:06 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2020-09-09 18:34:59 +0000 |
commit | 8ed85ef3de9cdeee86e281a8b46be1bd49a36e7a (patch) | |
tree | 947d8f12edf65d7db0707659087780f17fc0d7ad /agent | |
parent | kbx: Change X.509 S/N search definition. (diff) | |
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--
GnuPG-bug-id: 2312
Diffstat (limited to 'agent')
-rw-r--r-- | agent/gpg-agent.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index bbad80074..f167c96db 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2273,10 +2273,20 @@ create_private_keys_directory (const char *home)
 fname, strerror (errno) );
 else if (!opt.quiet)
 log_info (_("directory '%s' created\n"), fname);
+
+ if (gnupg_chmod (fname, "-rwx"))
+ log_error (_("can't set permissions of '%s': %s\n"),
+ fname, strerror (errno));
+ }
+ else
+ {
+ /* The file exists or another error. Make sure we have sensible
+ * permissions. We enforce rwx for user but keep existing group
+ * permissions. Permissions for other are always cleared. */
+ if (gnupg_chmod (fname, "-rwx...---"))
+ log_error (_("can't set permissions of '%s': %s\n"),
+ fname, strerror (errno));
 }
- if (gnupg_chmod (fname, "-rwx"))
- log_error (_("can't set permissions of '%s': %s\n"),
- fname, strerror (errno));
 xfree (fname);
 }
 |
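Review bot: The new `else` branch calls `gnupg_chmod (fname, "-rwx...---")` on every path that did not take the create branch, and its own comment says this includes "another error", so the mode change is attempted on a path whose type and ownership were never confirmed. It should run only after a successful stat that reports a directory, with the stat failure logged on its own. The test that opens this if/else lies above the hunk, so the exact condition cannot be checked from here. In the create branch the added `gnupg_chmod (fname, "-rwx")` follows the `else if (!opt.quiet)` chain unconditionally, so it appears to run even when directory creation has just failed and then logs a second, less useful error; it belongs in the success arm. As far as the hunk shows, both chmod failures are only logged before `xfree (fname)`, which deserves a comment at the call site such as `/* A chmod failure is not fatal here: the directory keeps its current permissions. */`.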