Apply umask 077 to improve security

Group and others permissions will be unset.

Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>

immich-machine-learning.service

@@ -7,6 +7,7 @@ User=immich
 Group=immich
 Type=simple
 Restart=on-failure
+UMask=0077
 
 WorkingDirectory=/var/lib/immich/app
 EnvironmentFile=/var/lib/immich/env

immich-microservices.service

@@ -9,6 +9,7 @@ User=immich
 Group=immich
 Type=simple
 Restart=on-failure
+UMask=0077
 
 WorkingDirectory=/var/lib/immich/app
 EnvironmentFile=/var/lib/immich/env

immich.service

@@ -11,6 +11,7 @@ User=immich
 Group=immich
 Type=simple
 Restart=on-failure
+UMask=0077
 
 WorkingDirectory=/var/lib/immich/app
 EnvironmentFile=/var/lib/immich/env

install.sh

@@ -29,6 +29,7 @@ if [[ "$USER" != "immich" ]]; then
 fi
 
 BASEDIR=$(dirname "$0")
+umask 077
 
 rm -rf $APP
 mkdir -p $APP
@@ -37,6 +38,7 @@ mkdir -p $APP
 # This expects immich user's home directory to be on $IMMICH_PATH/home
 rm -rf $IMMICH_PATH/home
 mkdir -p $IMMICH_PATH/home
+echo 'umask 077' > $IMMICH_PATH/home/.bashrc
 
 TMP=/tmp/immich-$(uuidgen)
 git clone https://github.com/immich-app/immich $TMP