Secure umask enforced during installation.

For safety, a umask of 022 prohibiting both group and other writability is now enforced during OMZ installation. In theory, this should reduce the likelihood of subsequent compinit() failures due to insecure directory permissions under all platforms except for default Cygwin installations (in which Windows ACLs override POSIX umasks).

Secure umask enforced during installation.
For safety, a umask of 022 prohibiting both group and other writability is now enforced during OMZ installation. In theory, this should reduce the likelihood of subsequent compinit() failures due to insecure directory permissions under all platforms except for default Cygwin installations (in which Windows ACLs override POSIX umasks).
da395c58 · leycec · cb551614 · da395c58
Commit da395c58 authored Jul 11, 2015 by leycec
--- a/tools/install.sh
+++ b/tools/install.sh
@@ -9,6 +9,13 @@ if [ -d "$ZSH" ]; then
  exit
 fi
+# Prevent the cloned repository from having insecure permissions. Failing to do
+# so causes compinit() calls to fail with "command not found: compdef" errors
+# for users with insecure umasks (e.g., "002", allowing group writability). Note
+# that this will be ignored under Cygwin by default, as Windows ACLs take
+# precedence over umasks except for filesystems mounted with option "noacl".
+umask g-w,o-w
 echo "\033[0;34mCloning Oh My Zsh...\033[0m"
 hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || {
  echo "git not installed"