store: keep our state to ourselves
Our state directory can contain credentials, so do not allow access to anyone else. Signed-off-by: Tom Gundersen <teg@jklm.no>
This commit is contained in:
Tom Gundersen
parent
4919ef1271
commit
fb7fb0156d
1 changed files with 2 additions and 2 deletions
|
|
@ -119,7 +119,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
|
||||||
var s Store
|
var s Store
|
||||||
|
|
||||||
if stateDir != nil {
|
if stateDir != nil {
|
||||||
err := os.Mkdir(*stateDir+"/"+"outputs", 0755)
|
err := os.Mkdir(*stateDir+"/"+"outputs", 0700)
|
||||||
if err != nil && !os.IsExist(err) {
|
if err != nil && !os.IsExist(err) {
|
||||||
log.Fatalf("cannot create output directory")
|
log.Fatalf("cannot create output directory")
|
||||||
}
|
}
|
||||||
|
|
@ -140,7 +140,7 @@ func New(stateDir *string, distro distro.Distro) *Store {
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
err := writeFileAtomically(stateFile, <-s.stateChannel, 0755)
|
err := writeFileAtomically(stateFile, <-s.stateChannel, 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("cannot write state: %v", err)
|
log.Fatalf("cannot write state: %v", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue