From 8a4f77bbd13bcf1fe9fac4ef38112efb8bd8de14 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 4 Sep 2023 20:34:52 +0200
Subject: [PATCH] Core/Config - Use new File::file_put_contents() method to
 enforce access rights on backups and set initial access rights of the backup
 dir upon creation.

---
 src/opnsense/mvc/app/library/OPNsense/Core/Config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
index f7183f0e0..694cb855c 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php
@@ -546,6 +546,7 @@ class Config extends Singleton
         if (!file_exists($target_dir)) {
             // create backup directory if it is missing
             mkdir($target_dir);
+            chmod($target_dir, 0750);
         }
         if (file_exists($target_dir . "config-" . $timestamp . ".xml")) {
             // The new target backup filename shouldn't exists, because of the use of microtime.
@@ -555,7 +556,7 @@ class Config extends Singleton
         } else {
             $target_filename = "config-" . $timestamp . ".xml";
         }
-        copy($this->config_file, $target_dir . $target_filename);
+        File::file_put_contents($target_dir . $target_filename, file_get_contents($this->config_file), 0640);
 
         return $target_dir . $target_filename;
     }