Set least permissive file mode for files created/managed by etcd-backup-restore #821

Merged
merged 2 commits into from
Dec 30, 2024
5 changes: 3 additions & 2 deletions docs/operations/manual_restoration.md
Expand Up @@ -31,8 +31,9 @@ You may choose to follow different methods of restoration, based on your etcd +
Once the spec is changed, monitor the logs to make sure restoration occurs. Once restoration is complete, change the container spec back to its previous state and restart the pod. This should purge any previous issues with etcd or backup sidecar, and start snapshotting successfully.

1. Deploying etcd and etcdbrctl separately, where etcdbrctl is started in `server` mode
1. If using [this bootstrap script](https://github.com/gardener/etcd-custom-image/blob/master/etcd_bootstrap_script.sh) for starting etcd, then deleting the `member` directory under the etcd data directory should kill the etcd process, and subsequently the script finishes execution and exits. You will have to re-run the script and allow it to trigger data validation anf restoration by etcdbrctl.
1. If not using the bootstrap script, then:
1. If running [etcd-wrapper](https://github.com/gardener/etcd-wrapper/) or legacy [etcd-custom-image](https://github.com/gardener/etcd-custom-image/) for running the etcd, then deleting the `member` directory under the etcd data directory should kill the etcd process, and subsequently the etcd-wrapper or etcd-custom-image process finishes execution and exits. You will have to re-run the etcd via one of the components and allow it to trigger data validation anf restoration by etcdbrctl.
1. If running etcd-wrapper or etcd-custom-image via Kubernetes pods, where the pods are managed by a pod-group such as a statefulset, then the statefulset controller takes care of restarting the pod once it crashes, and there is no need to manually restart the pod or the etcd process.
1. If not running etcd via the above-mentioned method, then:
1. Delete the `member` directory and wait for etcd to crash
1. `curl http://localhost:8080/initialization/status`, assuming etcdbrctl is running on port 8080
1. `curl http://localhost:8080/initialization/start`
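Review bot: the added etcd-wrapper / etcd-custom-image step still reads "data validation anf restoration", carrying over the typo from the bootstrap-script line it replaces; since the line is being rewritten anyway, change "anf" to "and". The phrase "for running the etcd" after "If running etcd-wrapper or legacy etcd-custom-image" is redundant and can be dropped. This documentation change is not about file modes, so it is worth a line in the PR description.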
2 changes: 2 additions & 0 deletions main.go
Expand Up @@ -22,6 +22,8 @@ func main() {
runtime.GOMAXPROCS(runtime.NumCPU())
}

syscall.Umask(0077)

ctx := setupSignalHandler()
command := cmd.NewBackupRestoreCommand(ctx)
if err := command.Execute(); err != nil {
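Review bot: `syscall.Umask(0077)` in `main()` lands without a comment, and it is the one line in this change with process-wide effect: every later file or directory creation has its group and other bits masked off regardless of the mode the caller passes. Add a short comment above the call saying so, so that a later 0644 or 0755 elsewhere in the code base is not read as the effective mode. `syscall.Umask` is also only defined on Unix-like targets, so this call ties main.go to those platforms.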
12 changes: 8 additions & 4 deletions pkg/initializer/validator/datavalidator.go
Expand Up @@ -90,16 +90,20 @@ func (d *DataValidator) sanityCheck(failBelowRevision int64) (DataDirStatus, err
// create the file `safe_guard` if it doesn't exist
if _, err := os.Stat(path); err != nil {
if errors.Is(err, os.ErrNotExist) {
data := []byte(namespace)
err := os.WriteFile(path, data, 0600)
if err != nil {
if err = os.WriteFile(path, []byte(namespace), 0600); err != nil {
d.Logger.Fatalf("can't create `safe_guard` file because : %v", err)
}
} else {
d.Logger.Fatalf("can't check if the `safe_guard` file exists or not because : %v", err)
}
}

// change file permission to handle previously created files with too wide permissions.
// TODO (shreyas-s-rao): remove this code to change file mode, in etcd-backup-restore:v0.36.0.
if err := os.Chmod(path, 0600); err != nil {
d.Logger.Fatalf("can't change the permission of the `safe_guard` file because : %v", err)
}

// read the content of the file safe_guard and match it with the environment variable
content, err := os.ReadFile(path)
if err != nil {
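Review bot: the new `os.Chmod(path, 0600)` failure path calls `d.Logger.Fatalf`, so a pre-existing `safe_guard` file that the process can read but cannot chmod (for example, one owned by a different uid) now aborts `sanityCheck` before the content comparison is reached. If tightening the mode is best-effort for old files, log a warning and continue; if it is meant to be mandatory, say so in the comment. The chmod is also only needed when the file already existed, since the create branch above writes it with 0600, so it could be limited to the case where `os.Stat` succeeded.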
Expand Down Expand Up @@ -288,7 +292,7 @@ func verifyDB(path string) error {
}()

// Open database.
db, err := bolt.Open(path, 0666, &bolt.Options{Timeout: timeoutToOpenBoltDB})
db, err := bolt.Open(path, 0600, &bolt.Options{Timeout: timeoutToOpenBoltDB})
if err != nil {
return err
}
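Review bot: the mode passed to `bolt.Open` in `verifyDB` is only applied when the database file is created, so changing 0666 to 0600 does not narrow a db file that already exists with wider permissions. If existing files are meant to be covered the way `safe_guard` is, they need an explicit chmod somewhere; otherwise state that this only affects newly created files. Since `verifyDB` is a verification step, it is also worth checking whether it should create the file at all when `path` is missing.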