Introduce the new option -M to allow to set the permissions of

the user's newly created home directory.  If omitted, it's derived
from the current umask.

PR:      bin/16880, bin/83253 (partially), bin/104248
MFC in:  1 month

usr.sbin/pw/pw.8

@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 9, 2006
+.Dd March 27, 2007
 .Dt PW 8
 .Os
 .Sh NAME
@@ -46,6 +46,7 @@
 .Op Fl g Ar group
 .Op Fl G Ar grouplist
 .Op Fl m
+.Op Fl M Ar mode
 .Op Fl k Ar dir
 .Op Fl w Ar method
 .Op Fl s Ar shell
@@ -97,6 +98,7 @@
 .Op Fl G Ar grouplist
 .Op Fl l Ar name
 .Op Fl m
+.Op Fl M Ar mode
 .Op Fl k Ar dir
 .Op Fl w Ar method
 .Op Fl s Ar shell
@@ -449,6 +451,14 @@ option (see below), bearing the name of the new account.
 This can be overridden by the
 .Fl d
 option on the command line, if desired.
+.It Fl M Ar mode
+Create the user's home directory with the specified
+.Ar mode .
+If omitted, it is derived from the parent process'
+.Xr umask 2 .
+This option is only useful in combination with the
+.Fl m
+flag.
 .It Fl k Ar dir
 Set the
 .Ar skeleton
@@ -959,6 +969,7 @@ No base home directory configured.
 .Sh SEE ALSO
 .Xr chpass 1 ,
 .Xr passwd 1 ,
+.Xr umask 2 ,
 .Xr group 5 ,
 .Xr login.conf 5 ,
 .Xr passwd 5 ,

usr.sbin/pw/pw.c

@@ -106,9 +106,9 @@ main(int argc, char *argv[])
 	static const char *opts[W_NUM][M_NUM] =
 	{
 		{ /* user */
-			"V:C:qn:u:c:d:e:p:g:G:mk:s:oL:i:w:h:H:Db:NPy:Y",
+			"V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y",
 			"V:C:qn:u:rY",
-			"V:C:qn:u:c:d:e:p:g:G:ml:k:s:w:L:h:H:FNPY",
+			"V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY",
 			"V:C:qn:u:FPa7",
 			"V:C:q",
 			"V:C:q",
@@ -129,7 +129,6 @@ main(int argc, char *argv[])
 		pw_group
 	};
 
-	umask(0);		/* We wish to handle this manually */
 	LIST_INIT(&arglist);
 
 	(void)setlocale(LC_ALL, "");

usr.sbin/pw/pw_user.c

@@ -115,6 +115,9 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 	struct stat     st;
 	char            line[_PASSWORD_LEN+1];
 	FILE	       *fp;
+	mode_t dmode;
+	char *dmode_c;
+	void *set = NULL;
 
 	static struct passwd fakeuser =
 	{
@@ -156,6 +159,16 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 		cnf->home = arg->val;
 	}
 
+	if ((arg = getarg(args, 'M')) != NULL) {
+		dmode_c = arg->val;
+		if ((set = setmode(dmode_c)) == NULL)
+			errx(EX_DATAERR, "invalid directory creation mode '%s'",
+			    dmode_c);
+		dmode = getmode(set, S_IRWXU | S_IRWXG | S_IRWXO);
+		free(set);
+	} else
+		dmode = S_IRWXU | S_IRWXG | S_IRWXO;
+
 	/*
 	 * If we'll need to use it or we're updating it,
 	 * then create the base home directory if necessary
@@ -181,7 +194,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 			if (strchr(cnf->home+1, '/') == NULL) {
 				strcpy(dbuf, "/usr");
 				strncat(dbuf, cnf->home, MAXPATHLEN-5);
-				if (mkdir(dbuf, 0755) != -1 || errno == EEXIST) {
+				if (mkdir(dbuf, dmode) != -1 || errno == EEXIST) {
 					chown(dbuf, 0, 0);
 					/*
 					 * Skip first "/" and create symlink:
@@ -197,7 +210,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 				while ((p = strchr(++p, '/')) != NULL) {
 					*p = '\0';
 					if (stat(dbuf, &st) == -1) {
-						if (mkdir(dbuf, 0755) == -1)
+						if (mkdir(dbuf, dmode) == -1)
 							goto direrr;
 						chown(dbuf, 0, 0);
 					} else if (!S_ISDIR(st.st_mode))
@@ -206,7 +219,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 				}
 			}
 			if (stat(dbuf, &st) == -1) {
-				if (mkdir(dbuf, 0755) == -1) {
+				if (mkdir(dbuf, dmode) == -1) {
 				direrr:	err(EX_OSFILE, "mkdir '%s'", dbuf);
 				}
 				chown(dbuf, 0, 0);
@@ -763,7 +776,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args)
 	 * existing files will *not* be overwritten.
 	 */
 	if (!PWALTDIR() && getarg(args, 'm') != NULL && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) {
-		copymkdir(pwd->pw_dir, cnf->dotdir, 0755, pwd->pw_uid, pwd->pw_gid);
+		copymkdir(pwd->pw_dir, cnf->dotdir, dmode, pwd->pw_uid, pwd->pw_gid);
 		pw_log(cnf, mode, W_USER, "%s(%ld) home %s made",
 		       pwd->pw_name, (long) pwd->pw_uid, pwd->pw_dir);
 	}