By default, Mercurial checks out files and creates repository metadata files under the repository's .hg directory with a fairly permissive set of permissions. On UNIX, all directories get read, write and execute for each of “owner”, “group” and “other”, and all files get read and write for their “owner” and read for “group” and “other”.
That is fine for workspaces holding data that is acceptable to share with everyone, but it is not convenient for a workspace whose data files are “confidential” in any way: the files and directories holding that confidential data become immediately visible to everyone.
Even if umask is carefully set to 077 before you start working in a workspace with such confidential data, there is always the possibility of leaking some of it to people who should not have access to it.
Thankfully, by combining umask with a small set of hook commands, Mercurial can be configured in a way that minimizes (but unfortunately does not completely eliminate) the window of time available to anyone trying to read the files of a workspace to which they should not have access.
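One way to implement that combination, as an added example rather than the post's own configuration: a POSIX shell script that sets an owner-only umask, strips group/other bits from the whole tree, and registers Mercurial's stock `post-<command>` hooks (run from the repository root after a successful command) so that the restriction is re-applied whenever `update`, `commit` or `pull` creates files. The hook names, the `harden` suffix and the helper function names are assumptions made for this example; the hooks are only a safety net, since files are created with the caller's umask first and fixed afterwards, which is the residual window the post describes.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a POSIX sh and find,
# and a repository path passed as the first argument.

# Remove every group/other permission bit below the given path; the owner's
# bits (including execute on directories and scripts) are left untouched.
harden_tree() {
    chmod -R go-rwx "$1"
}

# Append owner-only fix-up hooks to the repository's own .hg/hgrc (once).
# Mercurial runs shell hooks from the repository root, so "." is the workspace.
install_hooks() {
    hgrc="$1/.hg/hgrc"
    if ! grep -q 'confidential-hardening' "$hgrc" 2>/dev/null; then
        cat >>"$hgrc" <<'EOF'
[hooks]
# confidential-hardening: re-apply owner-only permissions after commands
# that write working files or repository metadata.
post-update.harden = chmod -R go-rwx .
post-commit.harden = chmod -R go-rwx .hg
post-pull.harden = chmod -R go-rwx .hg
EOF
    fi
}

# Count entries still carrying any group/other bit; 0 means the tree is
# hardened. Useful as a periodic check that nothing slipped through.
count_exposed() {
    find "$1" \( -perm -g+r -o -perm -g+w -o -perm -g+x \
                 -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print \
        | wc -l | tr -d ' '
}

# Entry point: from now on new files are created owner-only (umask 077),
# the hooks are installed, and the existing tree is fixed up.
harden_repo() {
    umask 077
    install_hooks "$1"
    harden_tree "$1"
}
```

Run `harden_repo /path/to/workspace` once; afterwards `count_exposed /path/to/workspace` should report 0 after every Mercurial command.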