From 09cb1b61c8f48284d9c42bd911faa7525cc689c7 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Fri, 23 Jun 2017 14:50:39 +0100 Subject: [PATCH] [468] Set persistence file to only be readable by owner. Not implemented on Windows. Thanks to Moshe Zioni. Bug: https://github.com/eclipse/mosquitto/issues/468 --- ChangeLog.txt | 2 ++ src/persist.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index 3e1691be..5540fda0 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -2,6 +2,8 @@ Broker: - Fix for poor websockets performance. - Fix lazy bridges not timing out for idle_timeout. Closes #417. - Fix problems with large retained messages over websockets. Closes #427. +- Set persistence file to only be readable by owner, except on Windows. Closes + #468. Clients: - Don't use / in auto-generated client ids. diff --git a/src/persist.c b/src/persist.c index 024317a2..f5ba0cd8 100644 --- a/src/persist.c +++ b/src/persist.c @@ -402,6 +402,9 @@ int mqtt3_db_backup(struct mosquitto_db *db, bool shutdown) goto error; } } + + /* Set permissions to -rw------- */ + umask(0077); #endif db_fptr = _mosquitto_fopen(outfile, "wb");
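
Review bot: The `umask(0077);` call added just before `db_fptr = _mosquitto_fopen(outfile, "wb");` in the src/persist.c hunk changes the file-creation mask for the whole process and is never restored, and its return value (the previous mask) is discarded. From the first backup onward, every file the broker creates is made without group/other permissions, not only the persistence file. Save the value `umask()` returns and put it back right after the fopen, or create the file with an explicit mode (`open()` with `O_CREAT` and 0600, then `fdopen()`) so that no process-wide state is touched. The mask also only takes effect when a file is created: if `outfile` already exists with wider permissions, opening it with "wb" truncates it and keeps the old mode, so an `fchmod()` or `chmod()` to 0600 after opening is needed to cover that case.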