From 92f1530e96449a93eb172cb6ac920bf2b1cad603 Mon Sep 17 00:00:00 2001
From: Mathijs van Veluw
Date: Tue, 27 Aug 2024 19:37:17 +0200
Subject: [PATCH] Allow custom umask setting (#4896)

To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom `UMASK` variable.

This allows people to set a more secure default like only allowing the owner of the process/container to read/write files and folders.

Examples:
- `UMASK=022` File: 644 | Folder: 755 (Default of the containers)
  This means Owner read/write and group/world read-only
- `UMASK=027` File: 640 | Folder: 750
  This means Owner read/write, group read-only, world no access
- `UMASK=077` File: 600 | Folder: 700
  This means Owner read/write and group/world no access

resolves #4571

Signed-off-by: BlackDex
--- docker/start.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/start.sh b/docker/start.sh index e9a932e4..4fac4514 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [ -n "${UMASK}" ]; then + umask "${UMASK}" +fi + if [ -r /etc/vaultwarden.sh ]; then . /etc/vaultwarden.sh elif [ -r /etc/bitwarden_rs.sh ]; then
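Review bot: the added `umask "${UMASK}"` call at the top of docker/start.sh does not check its exit status, so a mistyped value makes `umask` fail and, as far as these lines show, the script carries on with the inherited mask, which the commit message gives as 022 for the containers. For a hardening setting that is a fail-open path: an operator who meant to get 077 would end up with group/world-readable files and only an error line in the container log. Suggest `umask "${UMASK}" || exit 1`, or validating the value before applying it and printing a clear message. It would also help to document next to the variable that the mask only affects files and folders created after start-up, so data that already exists keeps its current modes until they are changed separately.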