From 636e2cea5787f8adb42a706e1f83a76d7ace6026 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 19 Aug 2016 13:32:08 +0200
Subject: [PATCH] (configd, templates) copy parents permissions, without exec
 bit

---
 src/opnsense/service/modules/template.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/opnsense/service/modules/template.py b/src/opnsense/service/modules/template.py
index 9fdbcb31f..6683da2f1 100644
--- a/src/opnsense/service/modules/template.py
+++ b/src/opnsense/service/modules/template.py
@@ -30,6 +30,7 @@
 """
 import os
 import os.path
+import stat
 import syslog
 import collections
 import traceback
@@ -280,6 +281,9 @@ class Template(object):
                             if last_bytes_template in ('\n', '\r'):
                                 f_out.write('\n')
                         f_out.close()
+                        # copy root permissions, without exec
+                        root_perm = stat.S_IMODE(os.lstat(os.path.dirname(filename)).st_mode)
+                        os.chmod(filename, root_perm & (~stat.S_IXGRP & ~stat.S_IXUSR & ~stat.S_IXOTH))
 
                         result.append(filename)