Inconsistent directory permissions for ~/.docker directory

[thaJeztah]

Opening as a tracking issue, following the discussion on moby/buildkit#1660 (comment), which highlighted that depending on which path in the code is taken, permissions on the ~/.docker may be either 0700 or 0755;

cli/cli/config/configfile/file.go

Line 187 in 6703919

if err := os.MkdirAll(dir, 0700); err != nil {

cli/cli/context/store/metadatastore.go

Line 31 in 6703919

if err := os.MkdirAll(contextDir, 0755); err != nil {

The second example was added later, so should probably be updated to match the former, although less restrictive permissions would likely not be a problem in most cases as this directory (in the default case) will be inside the user's home directory, which should already be inaccessible for other users.

[thaJeztah]

/cc @tonistiigi @justincormack @chris-crone

[chris-crone]

I don't see a reason for the context store being more permissive than the .docker directory. Maybe @simonferquel had something specific in mind?

[simonferquel]

No specifics in mind. Tls materials dirs was also created with 0700 as well I think.