From fb7fb0156d5a297d2fc254d136d31d3c41fc3645 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Fri, 20 Dec 2019 20:41:48 +0100
Subject: [PATCH] store: keep our state to ourselves

Our state directory can contain credentials, so do not allow access
to anyone else.

Signed-off-by: Tom Gundersen <teg@jklm.no>
---
 internal/store/store.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/store/store.go b/internal/store/store.go
index f8ea1e9e3..d276e9d59 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -119,7 +119,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
 	var s Store
 
 	if stateDir != nil {
-		err := os.Mkdir(*stateDir+"/"+"outputs", 0755)
+		err := os.Mkdir(*stateDir+"/"+"outputs", 0700)
 		if err != nil && !os.IsExist(err) {
 			log.Fatalf("cannot create output directory")
 		}
@@ -140,7 +140,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
 
 		go func() {
 			for {
-				err := writeFileAtomically(stateFile, <-s.stateChannel, 0755)
+				err := writeFileAtomically(stateFile, <-s.stateChannel, 0600)
 				if err != nil {
 					log.Fatalf("cannot write state: %v", err)
 				}