mkdir: create directories atomically with correct permissions #10036

rynewang · 2026-01-03T20:56:27Z

Fix #10022: mkdir -m MODE was creating directories with umask-based permissions first, then calling chmod afterward. This left a brief window where the directory existed with wrong permissions.

Now we match GNU mkdir behavior by temporarily setting umask to 0 before the mkdir syscall, passing the exact requested mode to the kernel, then restoring the original umask. The directory is created atomically with the correct permissions.

Before (two syscalls, race condition):
mkdir("dir", 0777) -> created with 0755 (umask applied)
chmod("dir", 0700) -> fixed afterward

After (single syscall, atomic):
umask(0)
mkdir("dir", 0700) -> created with exact mode
umask(original)

Also added tests to verify -m MODE bypasses umask correctly.

Fix uutils#10022: mkdir -m MODE was creating directories with umask-based permissions first, then calling chmod afterward. This left a brief window where the directory existed with wrong permissions. Now we match GNU mkdir behavior by temporarily setting umask to 0 before the mkdir syscall, passing the exact requested mode to the kernel, then restoring the original umask. The directory is created atomically with the correct permissions. Before (two syscalls, race condition): mkdir("dir", 0777) -> created with 0755 (umask applied) chmod("dir", 0700) -> fixed afterward After (single syscall, atomic): umask(0) mkdir("dir", 0700) -> created with exact mode umask(original) Also added tests to verify -m MODE bypasses umask correctly.

alippai · 2026-01-03T21:19:47Z

Is coreutils supposed to be used as a multithreaded lib? Umask changes the whole process, all threads. If safety is needed adding Drop + mutex can make it more robust

github-actions · 2026-01-03T21:46:50Z

GNU testsuite comparison:

Congrats! The gnu test tests/tail/follow-name is no longer failing!

sylvestre · 2026-01-03T21:55:53Z

Is coreutils supposed to be used as a multithreaded lib? Umask changes the whole process, all threads. If safety is needed adding Drop + mutex can make it more robust

Yes and no. We focus on the cli first but we have some users like nushell.

rynewang · 2026-01-03T22:27:46Z

I can add mutex and Drop but I wonder how much it can help. If a downstream user users uutils/coreutils as a library then their own umask or fork calls can't be protected by any of our mutexes.

rynewang · 2026-01-03T22:29:19Z

One approach is to fork a subprocess that does umask, mkdir and exit. But I wonder if this is an overkill and a mutex + drop guard is enough?

rynewang · 2026-01-04T17:49:30Z

@sylvestre can you provide some directions on whether I should go with:

a drop guard, or
fork a subprocess to umask and mkdir and exit ?

sylvestre · 2026-01-04T18:02:49Z

for now, just focus on the binary itself, we will see for the lib later

Add RAII guard to ensure umask is restored even on panic. Encapsulate unsafe umask calls in UmaskGuard::set() for a safe interface.

rynewang · 2026-01-04T18:25:56Z

updated with the drop guard

- Add RAII to spell-checker ignore list - Narrow chmod cfg to Linux only (only used for ACL bits)

github-actions · 2026-01-04T18:44:19Z

GNU testsuite comparison:

GNU test failed: tests/sort/sort-stale-thread-mem. tests/sort/sort-stale-thread-mem is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

sylvestre · 2026-01-04T18:54:30Z

some jobs are failing

FromIo is only used in chmod, which is now Linux-only.

github-actions · 2026-01-04T19:09:40Z

GNU testsuite comparison:

Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)
Note: The gnu test tests/csplit/csplit-heap is now being skipped but was previously passing.

rynewang · 2026-01-05T18:07:57Z

Looks like the benchmark failure is from flaky test on join not mkdir

sylvestre · 2026-01-18T11:42:18Z

well done

0xferrous · 2026-01-21T11:18:39Z

seems like this also fixed a bug in gid bit not getting inherited, i bisected with the following test:

#!/usr/bin/env nu

def main [] {
    cargo b -p uu_mkdir
    alias mkdir = ./target/debug/mkdir
    if ("test-dir" | path exists) {
        rm -rv test-dir
    }

    mkdir test-dir
    chgrp agent test-dir
    chmod g+rwxs test-dir

    mkdir -p test-dir/foo/bar/baz
    let perms = ls -lD test-dir/foo/bar/baz | get mode | str substring 5..5
    print $"perms: ($perms)"
    print ($perms == "s")
}

fails for d72d6f7
but works for 037b958
hence, identifying this is the pr where the problem gets fixed

although, seems like an unrelated side effect from this pr.

…#10036) * mkdir: create directories atomically with correct permissions Fix uutils#10022: mkdir -m MODE was creating directories with umask-based permissions first, then calling chmod afterward. This left a brief window where the directory existed with wrong permissions. Now we match GNU mkdir behavior by temporarily setting umask to 0 before the mkdir syscall, passing the exact requested mode to the kernel, then restoring the original umask. The directory is created atomically with the correct permissions. Before (two syscalls, race condition): mkdir("dir", 0777) -> created with 0755 (umask applied) chmod("dir", 0700) -> fixed afterward After (single syscall, atomic): umask(0) mkdir("dir", 0700) -> created with exact mode umask(original) Also added tests to verify -m MODE bypasses umask correctly. * mkdir: add UmaskGuard for panic-safe umask restoration Add RAII guard to ensure umask is restored even on panic. Encapsulate unsafe umask calls in UmaskGuard::set() for a safe interface. * mkdir: fix clippy and spelling warnings - Add RAII to spell-checker ignore list - Narrow chmod cfg to Linux only (only used for ACL bits) * mkdir: fix unused import on non-Linux FromIo is only used in chmod, which is now Linux-only.

mkdir: add UmaskGuard for panic-safe umask restoration

3a3777f

Add RAII guard to ensure umask is restored even on panic. Encapsulate unsafe umask calls in UmaskGuard::set() for a safe interface.

mkdir: fix clippy and spelling warnings

a7ed546

- Add RAII to spell-checker ignore list - Narrow chmod cfg to Linux only (only used for ACL bits)

mkdir: fix unused import on non-Linux

5572467

FromIo is only used in chmod, which is now Linux-only.

sylvestre merged commit 037b958 into uutils:main Jan 18, 2026
150 of 155 checks passed

sylvestre mentioned this pull request Jan 18, 2026

Move UmaskGuard in uucore and use it for mkdir, mkfifo & mknod #10310

Open

0xferrous mentioned this pull request Jan 21, 2026

chore: add test for setgid bit inheritance in mkdir -p #10412

Merged

moonfruit mentioned this pull request Feb 3, 2026

uutils-selected 0.6.0 moonfruit/homebrew-tap#453

Closed

Uh oh!

mkdir: create directories atomically with correct permissions #10036

mkdir: create directories atomically with correct permissions #10036

Uh oh!

Conversation

rynewang commented Jan 3, 2026

Uh oh!

alippai commented Jan 3, 2026

Uh oh!

github-actions bot commented Jan 3, 2026

Uh oh!

sylvestre commented Jan 3, 2026

Uh oh!

rynewang commented Jan 3, 2026

Uh oh!

rynewang commented Jan 3, 2026

Uh oh!

rynewang commented Jan 4, 2026

Uh oh!

sylvestre commented Jan 4, 2026

Uh oh!

rynewang commented Jan 4, 2026

Uh oh!

github-actions bot commented Jan 4, 2026

Uh oh!

sylvestre commented Jan 4, 2026

Uh oh!

github-actions bot commented Jan 4, 2026

Uh oh!

rynewang commented Jan 5, 2026

Uh oh!

Uh oh!

sylvestre commented Jan 18, 2026

Uh oh!

0xferrous commented Jan 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

0xferrous commented Jan 21, 2026 •

edited

Loading