[PR #4896] Allow custom umask setting #16370

New Issue

Closed

opened 2026-04-23 07:50:10 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-23 07:50:10 -05:00

Owner

Copy Link

Original Pull Request: https://github.com/dani-garcia/vaultwarden/pull/4896

State: closed
Merged: Yes

---

To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom UMASK variable.

This allows people to set a more secure default like only allowing the owner the the process/container to read/write files and folders.

Examples:

• UMASK=022 File: 644 | Folder: 755 (Default of the containers)
  This means Owner read/write and group/world read-only

• UMASK=027 File: 640 | Folder: 750
  This means Owner read/write, group read-only, world no access

• UMASK=077 File: 600 | Folder: 700
  This means Owner read/write and group/world no access

resolves #4571

**Original Pull Request:** https://github.com/dani-garcia/vaultwarden/pull/4896 **State:** closed **Merged:** Yes --- To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom `UMASK` variable. This allows people to set a more secure default like only allowing the owner the the process/container to read/write files and folders. Examples: - `UMASK=022` File: 644 | Folder: 755 (Default of the containers) This means Owner read/write and group/world read-only - `UMASK=027` File: 640 | Folder: 750 This means Owner read/write, group read-only, world no access - `UMASK=077` File: 600 | Folder: 700 This means Owner read/write and group/world no access resolves #4571

GiteaMirror added the pull-request label 2026-04-23 07:50:10 -05:00

GiteaMirror closed this issue 2026-04-23 07:50:11 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#16370