[fedfs-utils] [PATCH 2/3] Clean up cert file creation
Chuck Lever
chuck.lever at oracle.com
Tue Aug 2 09:19:16 PDT 2011
Narrow permissions on created cert files. I think only the "fedfs"
user ID and root should be able to read or write these.
While we're here, use symbolic constants to specify the permission
setting.
NB: This code does not work before or after this patch is applied, as
it is currently provisional and untested. More is planned for a
subsequent release.
Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
src/libnsdb/nsdb.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c
index 00be913..c5a9426 100644
--- a/src/libnsdb/nsdb.c
+++ b/src/libnsdb/nsdb.c
@@ -532,7 +532,8 @@ nsdb_new_certfile(const char *certdata, const unsigned int certlen,
goto out;
}
- fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL, 0666);
+ fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL,
+ S_IRUSR | S_IWUSR | S_IRGRP);
if (fd == -1) {
xlog(D_GENERAL, "%s: Failed to open %s: %m",
__func__, pathbuf);
More information about the fedfs-utils-devel
mailing list