set file and dir permissions

[stefantalpalaru]

• get rid of group read and execute permissions for directories; there is no justification for allowing that
• set the desired permissions instead of exiting the program - fixes Offline command to correct all permissions at once #1921
• don't call the POSIX access() function, since it doesn't do anything we need. https://man7.org/linux/man-pages/man2/access.2.html :

In other words, access() does not answer the "can I read/write/execute this file?" question. It answers a slightly different question: "(assuming I'm a setuid binary) can the user who invoked me read/write/execute this file?", which gives set-user-ID programs the possibility to prevent malicious users from causing them to read files which users shouldn't be able to read.

[cheatfate]

This PR should not be merged until discussion in #1921 will not be finished.

[zah]

I support merging this and including it in the next 0.6.x release. Couple of weeks later, it should be followed by a PR going back to the more strict handling advocated by @cheatfate which should be our long-term policy.

[arnetheduck]

not sure this is meaningful any more - ie the damage is done already

[zah]

This is a new more minor change to the permissions (but still breaking). It removes the group-level access from the sensitive directories.

[cheatfate]

@zah couple of weeks already passed but there no new PR, so maybe i should open "security" issues because of that?

[zah]

Yes, I think it's time that we fix this. Perhaps it can be addressed in the not yet merged passwordless keystores branch?

[cheatfate]

@zah i have created new issue #2115