diff --git a/server/storage/wal/repair.go b/server/storage/wal/repair.go index 53734045167..d1a887835da 100644 --- a/server/storage/wal/repair.go +++ b/server/storage/wal/repair.go @@ -67,7 +67,7 @@ func Repair(lg *zap.Logger, dirpath string) bool { case errors.Is(err, io.ErrUnexpectedEOF): brokenName := f.Name() + ".broken" - bf, bferr := os.Create(brokenName) + bf, bferr := os.OpenFile(brokenName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fileutil.PrivateFileMode) if bferr != nil { lg.Warn("failed to create backup file", zap.String("path", brokenName), zap.Error(bferr)) return false diff --git a/server/storage/wal/repair_test.go b/server/storage/wal/repair_test.go index b1fd9d25d39..38e3641bd7b 100644 --- a/server/storage/wal/repair_test.go +++ b/server/storage/wal/repair_test.go @@ -18,12 +18,14 @@ import ( "fmt" "io" "os" + "path/filepath" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/zap/zaptest" + "go.etcd.io/etcd/client/pkg/v3/fileutil" "go.etcd.io/etcd/server/v3/storage/wal/walpb" "go.etcd.io/raft/v3/raftpb" ) @@ -77,6 +79,14 @@ func testRepair(t *testing.T, ents [][]raftpb.Entry, corrupt corruptFunc, expect // repair the wal require.True(t, Repair(lg, p), "'Repair' returned 'false', want 'true'") + // verify the broken wal has correct permissions + bf := filepath.Join(p, filepath.Base(w.tail().Name())+".broken") + fi, err := os.Stat(bf) + require.NoError(t, err) + expectedPerms := fmt.Sprintf("%o", os.FileMode(fileutil.PrivateFileMode)) + actualPerms := fmt.Sprintf("%o", fi.Mode().Perm()) + require.Equal(t, expectedPerms, actualPerms, "unexpected file permissions on .broken wal") + // read it back w, err = Open(lg, p, walpb.Snapshot{}) require.NoError(t, err)