Fixing excessive unix file permissions (#14791)

* Fixing excessive unix file permissions

* CL

* reduce the permission from 750 to 700
hghaf099 2022-04-01 12:57:38 -04:00 committed by GitHub
parent 43e5d12ed0
commit 9ae2a85700
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 10 additions and 7 deletions

changelog/14791.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
core: fixing excessive unix file permissions
```


@ -979,7 +979,7 @@ func (c *AgentCommand) storePidFile(pidPath string) error {
}
// Open the PID file
pidFile, err := os.OpenFile(pidPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
pidFile, err := os.OpenFile(pidPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
if err != nil {
return fmt.Errorf("could not open pid file: %w", err)
}
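Review bot: Creating the PID file as `0o600` in storePidFile means a supervisor, init script or monitoring agent running under a different account can no longer read it, and nothing in the hunk documents that requirement. A PID is not secret, so the tightening buys little here compared with the snapshot and token files touched by the same commit. If owner-only is intended, I would add a comment above the call such as `// PID file is owner-only: tools that read it must run as the same user`. The same applies to ServerCommand.storePidFile in the later hunk; both function bodies start and end outside what is shown.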


@ -76,7 +76,7 @@ func (c *OperatorRaftSnapshotSaveCommand) Run(args []string) int {
w := &lazyOpenWriter{
openFunc: func() (io.WriteCloser, error) {
return os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
return os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
},
}
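Review bot: The `0o600` passed to `os.OpenFile` in openFunc only takes effect when the file is created; if `path` already exists from an earlier run with `0o644`, `O_TRUNC` reuses it and the new snapshot is still readable by other local users. An explicit chmod on the opened handle closes that gap, as sketched below. The root_token write in enableThreeNodeDevCluster has the same property, though that file presumably lands in a freshly created temp directory. Run continues outside the hunk.

```go
openFunc: func() (io.WriteCloser, error) {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
	if err != nil {
		return nil, err
	}
	// The mode above is ignored when path already exists; tighten it explicitly.
	if err := f.Chmod(0o600); err != nil {
		f.Close()
		return nil, err
	}
	return f, nil
},
```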


@ -1926,7 +1926,7 @@ func (c *ServerCommand) enableThreeNodeDevCluster(base *vault.CoreConfig, info m
return 1
}
if err := ioutil.WriteFile(filepath.Join(testCluster.TempDir, "root_token"), []byte(testCluster.RootToken), 0o755); err != nil {
if err := ioutil.WriteFile(filepath.Join(testCluster.TempDir, "root_token"), []byte(testCluster.RootToken), 0o600); err != nil {
c.UI.Error(fmt.Sprintf("Error writing token to tempfile: %s", err))
return 1
}
@ -2158,7 +2158,7 @@ func (c *ServerCommand) storePidFile(pidPath string) error {
}
// Open the PID file
pidFile, err := os.OpenFile(pidPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
pidFile, err := os.OpenFile(pidPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
if err != nil {
return fmt.Errorf("could not open pid file: %w", err)
}


@ -274,7 +274,7 @@ func EnsurePath(path string, dir bool) error {
if !dir {
path = filepath.Dir(path)
}
return os.MkdirAll(path, 0o755)
return os.MkdirAll(path, 0o700)
}
// NewRaftBackend constructs a RaftBackend using the given directory
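Review bot: `os.MkdirAll(path, 0o700)` in EnsurePath applies the mode only to directories it creates, so a data directory created as `0o755` by an earlier version stays that way after an upgrade. If existing installs should be tightened too, check the MkdirAll error and then finish with `return os.Chmod(path, 0o700)`; otherwise the changelog entry should tell operators to fix existing directories by hand. The snapshot-directory calls in NewBoltSnapshotStore and writeBoltDBFile behave the same way. EnsurePath starts above the hunk, and whether other callers pass shared directories to it is not visible here.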


@ -86,7 +86,7 @@ func NewBoltSnapshotStore(base string, logger log.Logger, fsm *FSM) (*BoltSnapsh
// Ensure our path exists
path := filepath.Join(base, snapPath)
if err := os.MkdirAll(path, 0o755); err != nil && !os.IsExist(err) {
if err := os.MkdirAll(path, 0o700); err != nil && !os.IsExist(err) {
return nil, fmt.Errorf("snapshot path not accessible: %v", err)
}
@ -324,7 +324,7 @@ func (s *BoltSnapshotSink) writeBoltDBFile() error {
s.logger.Info("creating new snapshot", "path", path)
// Make the directory
if err := os.MkdirAll(path, 0o755); err != nil {
if err := os.MkdirAll(path, 0o700); err != nil {
s.logger.Error("failed to make snapshot directory", "error", err)
return err
}