Certs: Create directories with execute permissions so they can be opened (#395)

* Create directories with execute permissions so they can be opened
* Use 0700 permissions on certificate directories instead of 0755
Andrew Rafferty 2018-08-27 10:12:53 -06:00 committed by Tom Limoncelli
parent e680fb9a46
commit 402fc449e2
2 changed files with 5 additions and 3 deletions


@ -77,7 +77,7 @@ func (c *certManager) IssueOrRenewCert(cfg *CertConfig, renewUnder int, verbose
}
log.Printf("Checking certificate [%s]", cfg.CertName)
if err := os.MkdirAll(filepath.Dir(c.certFile(cfg.CertName, "json")), perms); err != nil {
if err := os.MkdirAll(filepath.Dir(c.certFile(cfg.CertName, "json")), dirPerms); err != nil {
return false, err
}
existing, err := c.readCertificate(cfg.CertName)
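Review bot: `os.MkdirAll` returns nil without touching the mode when the path is already a directory, so the new call `os.MkdirAll(filepath.Dir(c.certFile(cfg.CertName, "json")), dirPerms)` applies 0700 only to directories it creates. Directories left behind by earlier runs under the old `perms` value keep their mode, so they presumably stay without the execute bit, and any created with a looser mode stay loose. Consider an explicit `os.Chmod(dir, dirPerms)` on the leaf directory after the call, or at least a comment such as `// MkdirAll does not change the mode of an existing directory.` The same applies to the `createAccount` call in the second file section. IssueOrRenewCert begins and ends outside this hunk.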


@ -61,10 +61,12 @@ func (c *certManager) accountKeyFile() string {
return filepath.Join(c.accountDirectory(), "account.key")
}
const perms os.FileMode = 0644 // TODO: probably lock this down more
// TODO: probably lock these down more
const perms os.FileMode = 0644
const dirPerms os.FileMode = 0700
func (c *certManager) createAccount() error {
if err := os.MkdirAll(c.accountDirectory(), perms); err != nil {
if err := os.MkdirAll(c.accountDirectory(), dirPerms); err != nil {
return err
}
privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
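Review bot: `perms` stays at 0644 and the TODO is carried over, so every file written with it is still created world-readable; only the enclosing directory is tightened. The ECDSA key generated on the last line of the hunk is presumably written to `account.key` using `perms`. That write is outside the hunk, so confirm it, but private key material should not depend on the parent directory's mode alone, since a pre-existing directory keeps whatever mode it had. I would change the constant to `const perms os.FileMode = 0600` and replace the TODO with `// perms is the mode for certificate and key files: owner read/write only.` createAccount continues past the end of the hunk.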