From 50d7a10a3f09a51ec00a4faa4a2d2517d02673a8 Mon Sep 17 00:00:00 2001
From: tangcong <tangcong506@gmail.com>
Date: Wed, 10 Jun 2020 14:40:31 +0800
Subject: [PATCH 1/2] pkg/fileutil: print desired file permission in error log

---
 pkg/fileutil/fileutil.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/fileutil/fileutil.go b/pkg/fileutil/fileutil.go
index 1358ba28d..01030b213 100644
--- a/pkg/fileutil/fileutil.go
+++ b/pkg/fileutil/fileutil.go
@@ -124,7 +124,7 @@ func CheckDirPermission(dir string, perm os.FileMode) error {
 	}
 	dirMode := dirInfo.Mode().Perm()
 	if dirMode != perm {
-		err = fmt.Errorf("directory %q exist without desired file permission. %q", dir, dirInfo.Mode())
+		err = fmt.Errorf("directory %q,%q exist without desired file permission %q.", dir, dirInfo.Mode(), os.FileMode(PrivateDirMode))
 		return err
 	}
 	return nil

From 9b444c6355531019854f1b64b7ce7c89fed6dfa9 Mon Sep 17 00:00:00 2001
From: tangcong <tangcong506@gmail.com>
Date: Wed, 10 Jun 2020 14:45:15 +0800
Subject: [PATCH 2/2] CHANGELOG: add data dir permission breaking changes doc

---
 CHANGELOG-3.5.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG-3.5.md b/CHANGELOG-3.5.md
index f3062e0da..5d7054faf 100644
--- a/CHANGELOG-3.5.md
+++ b/CHANGELOG-3.5.md
@@ -60,6 +60,9 @@ See [code changes](https://github.com/etcd-io/etcd/compare/v3.4.0...v3.5.0) and
 - Changed `pkg/flags` function signature to [support structured logger](https://github.com/etcd-io/etcd/pull/11616).
   - Previously, `SetFlagsFromEnv(prefix string, fs *flag.FlagSet) error`, now `SetFlagsFromEnv(lg *zap.Logger, prefix string, fs *flag.FlagSet) error`.
   - Previously, `SetPflagsFromEnv(prefix string, fs *pflag.FlagSet) error`, now `SetPflagsFromEnv(lg *zap.Logger, prefix string, fs *pflag.FlagSet) error`.
+- Changed behavior on [existing dir permission](https://github.com/etcd-io/etcd/pull/11798).
+  - Previously, the permission was not checked on existing data directory and the directory used for automatically generating self-signed certificates for TLS connections with clients. Now a check is added to make sure those directories, if already exist, has a desired permission of 700 on Linux and 777 on Windows.
+
 
 ### `etcdctl`