projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a15c208)
15954: Turn off group/other-write bits, even if permitted by umask.
authorTom Clegg <tom@tomclegg.ca>
Tue, 10 Mar 2020 14:39:41 +0000 (10:39 -0400)
committerTom Clegg <tom@tomclegg.ca>
Tue, 10 Mar 2020 14:54:08 +0000 (10:54 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

lib/boot/cert.go patch | blob | history
lib/boot/supervisor.go patch | blob | history

diff --git a/lib/boot/cert.go b/lib/boot/cert.go
index 508605bb7aa0b2711014e3b8117ab7235b26b33b..4b12c72edd9063a72afd7c287d9d86f2cc752b3f 100644 (file)
--- a/lib/boot/cert.go
+++ b/lib/boot/cert.go
@@ -46,7 +46,7 @@ func (createCertificates) Run(ctx context.Context, fail func(error), super *Supe
        err = ioutil.WriteFile(filepath.Join(super.tempdir, "server.cfg"), append(defaultconf, []byte(`
 [SAN]
 subjectAltName=DNS:localhost,DNS:localhost.localdomain
-`)...), 0777)
+`)...), 0644)
        if err != nil {
                return err
        }
diff --git a/lib/boot/supervisor.go b/lib/boot/supervisor.go
index c11129f9ef1e437960f7537a036846e4ae257de6..d3fbab06ab7d6b1f88a628712def2126c8c2c3f2 100644 (file)
--- a/lib/boot/supervisor.go
+++ b/lib/boot/supervisor.go
@@ -96,7 +96,7 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
                return err
        }
        defer os.RemoveAll(super.tempdir)
-       if err := os.Mkdir(filepath.Join(super.tempdir, "bin"), 0777); err != nil {
+       if err := os.Mkdir(filepath.Join(super.tempdir, "bin"), 0755); err != nil {
                return err
        }
 
@@ -106,7 +106,7 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
        if err != nil {
                return err
        }
-       conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0777)
+       conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0755)
        if err != nil {
                return err
        }
@@ -592,7 +592,7 @@ func (super *Supervisor) autofillConfig(cfg *arvados.Config, log logrus.FieldLog
                        if _, err = os.Stat(datadir + "/."); err == nil {
                        } else if !os.IsNotExist(err) {
                                return err
-                       } else if err = os.Mkdir(datadir, 0777); err != nil {
+                       } else if err = os.Mkdir(datadir, 0755); err != nil {
                                return err
                        }
                        cluster.Volumes[fmt.Sprintf(cluster.ClusterID+"-nyw5e-%015d", volnum)] = arvados.Volume{