particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

store: keep our state to ourselves

Browse source 
Our state directory can contain credentials, so do not allow access
to anyone else.

Signed-off-by: Tom Gundersen <teg@jklm.no>
This commit is contained in:
Tom Gundersen 2019-12-20 20:41:48 +01:00
parent 4919ef1271
commit fb7fb0156d
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/store/store.go
View file

@ -119,7 +119,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
var s Store
if stateDir != nil {
err := os.Mkdir(*stateDir+"/"+"outputs", 0755)
err := os.Mkdir(*stateDir+"/"+"outputs", 0700)
if err != nil && !os.IsExist(err) {
log.Fatalf("cannot create output directory")
}
@ -140,7 +140,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
go func() {
for {
err := writeFileAtomically(stateFile, <-s.stateChannel, 0755)
err := writeFileAtomically(stateFile, <-s.stateChannel, 0600)
if err != nil {
log.Fatalf("cannot write state: %v", err)
}