I'm writing a few config files and directory structure from my Elixir/Erlang service, and want specific permissions on both the directories and files (rwxr-x--- (750) and rw-r----- (640) respectively). Basically, I do not want any "other" accessibility on either.
For both consistency and performance reasons, I'd rather not do a write!/3 followed immediately by a chmod/2 every time. I thought maybe I'd need to do the open/2 to get this kind of flexibility. But though the permissions masks are documented in the module, they appear to only be used by the chmod/2. I looked in the Erlang :file module to see if this was one of those (use Erlang modules instead), but did not find it there.
I've tried umask, which works fine when I'm running it via mix from the command line, but not when deployed through the build product buried in a systemd service. There I've tried to set both UMask=0027 or through the environment, but it just seemed to be ignored there. I'd really rather do the explicit set at create time than have a umask operation located elsewhere to get the effect though.
In Linux, file permissions are set either at create time with open with O_CREAT or using the chmod system call.
In Erlang, you have file:write_file_info to change the permissions, but when using the equivalent to O_CREAT (file:open), there's not a great deal of flexibility.
I did a quick search of the flag in the repository, and I think that the O_CREAT mode is fixed. You can see the lines here, where it's fixed to:
#ifdef NO_UMASK
#define FILE_MODE 0644
#define DIR_MODE 0755
#else
#define FILE_MODE 0666
#define DIR_MODE 0777
#endif
However, umask is applied when creating files.
That being said, if the file is opened so much that the permissions check is a concern, maybe it's worth keeping it open (and thus needing only a single chmod).
Or you could manually set the permissions on the top directory of the config; if other is unable to read/traverse the top directory, it does not matter if deeper files could be read.
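
The interaction the answer describes, as an added example (not from the original answer or from the Erlang/OTP source): with the fixed creation modes quoted above, the kernel clears the umask bits at create time, so a process umask of 027 yields the 640/750 the question asks for. The `created_mode` helper and the scratch path are constructed for illustration.

```c
/* Added example: effective creation mode = requested mode & ~umask. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* for mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creation modes quoted above for the build without NO_UMASK. */
#define FILE_MODE 0666
#define DIR_MODE  0777

/* Create a file (is_dir == 0) or directory (is_dir != 0) in a fresh temp dir
 * with the umask set to `mask`; return its permission bits, or -1 on error. */
static int created_mode(mode_t mask, int is_dir)
{
    char base[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch path */
    char path[64];
    struct stat st;
    int result = -1;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/entry", base);
    mode_t old = umask(mask);                 /* apply the mask under test */
    if (is_dir) {
        if (mkdir(path, DIR_MODE) == 0 && stat(path, &st) == 0)
            result = st.st_mode & 0777;
    } else {
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, FILE_MODE);
        if (fd >= 0) {
            if (fstat(fd, &st) == 0)
                result = st.st_mode & 0777;
            close(fd);
        }
    }
    umask(old);                               /* restore the previous mask */
    if (is_dir) rmdir(path); else unlink(path);
    rmdir(base);
    return result;
}

int main(void)
{
    printf("umask 027 -> file %04o, dir %04o\n",
           (unsigned)created_mode(027, 0), (unsigned)created_mode(027, 1));
    return 0;
}
```

Because the mask is applied by the kernel inside the same `open`/`mkdir` call, there is no interval in which the new file or directory carries "other" permission bits, unlike a create followed by chmod.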