feat: Allow file and directory creation modes to be configured

The defaults remain the same as before. For now, the config options are global instead of per-user. Note also that the BoltDB creation maintains the old default mode of 0640 since it's not really a user-facing filesystem manipulation. Fixes #5316, #5200
2025-11-26 14:25:26 +08:00 · 2025-07-20 18:21:52 -07:00
parent 5b7ea9f95a
commit 21ad653b7e
12 changed files with 73 additions and 41 deletions
--- a/settings/settings.go
+++ b/settings/settings.go
@@ -2,6 +2,7 @@ package settings

 import (
 	"crypto/rand"
+	"io/fs"
 	"log"
 	"strings"
 	"time"
@@ -11,6 +12,8 @@ import (

 const DefaultUsersHomeBasePath = "/users"
 const DefaultMinimumPasswordLength = 12
+const DefaultFileMode = 0640
+const DefaultDirMode = 0750

 // AuthMethod describes an authentication method.
 type AuthMethod string
@@ -29,6 +32,8 @@ type Settings struct {
 	Shell                 []string            `json:"shell"`
 	Rules                 []rules.Rule        `json:"rules"`
 	MinimumPasswordLength uint                `json:"minimumPasswordLength"`
+	FileMode              fs.FileMode         `json:"fileMode"`
+	DirMode               fs.FileMode         `json:"dirMode"`
 }

 // GetRules implements rules.Provider.
--- a/settings/storage.go
+++ b/settings/storage.go
@@ -42,6 +42,12 @@ func (s *Storage) Get() (*Settings, error) {
 			RetryCount: DefaultTusRetryCount,
 		}
 	}
+	if set.FileMode == 0 {
+		set.FileMode = DefaultFileMode
+	}
+	if set.DirMode == 0 {
+		set.DirMode = DefaultDirMode
+	}
 	return set, nil
 }