simon/acme-dns
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Use umask 0077 across the process in order to have the created files readable only by the acme-dns user (#102)

Browse Source
This commit is contained in:
Joona Hoikkala 2018-08-12 20:06:54 +03:00 committed by GitHub
parent ec013c0f25
commit 0fc5a8e848
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
main.go
View File

@ -7,6 +7,7 @@ import (
stdlog "log" stdlog "log"
"net/http" "net/http"
"os" "os"
"syscall"
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
"github.com/rs/cors" "github.com/rs/cors"
@ -15,6 +16,8 @@ import (
) )
func main() { func main() {
// Created files are not world writable
syscall.Umask(0077)
// Read global config // Read global config
var err error var err error
if fileIsAccessible("/etc/acme-dns/config.cfg") { if fileIsAccessible("/etc/acme-dns/config.cfg") {