Use umask for race-free permission setting
Without using umask there's a small time window where paths are world readable. That is a bad idea to do for secret files (e.g. the dovecot code path).
This commit is contained in:
parent
69a4b7ad67
commit
a3b03d1b5a
|
@ -104,6 +104,9 @@ let
|
|||
chmod 755 "${passwdDir}"
|
||||
fi
|
||||
|
||||
# Prevent world-readable password files, even temporarily.
|
||||
umask 077
|
||||
|
||||
for f in ${builtins.toString (lib.mapAttrsToList (name: value: passwordFiles."${name}") cfg.loginAccounts)}; do
|
||||
if [ ! -f "$f" ]; then
|
||||
echo "Expected password hash file $f does not exist!"
|
||||
|
@ -125,9 +128,6 @@ let
|
|||
else "")
|
||||
) cfg.loginAccounts)}
|
||||
EOF
|
||||
|
||||
chmod 600 ${passwdFile}
|
||||
chmod 600 ${userdbFile}
|
||||
'';
|
||||
|
||||
junkMailboxes = builtins.attrNames (lib.filterAttrs (n: v: v ? "specialUse" && v.specialUse == "Junk") cfg.mailboxes);
|
||||
|
|
|
@ -64,6 +64,8 @@ in
|
|||
in ''
|
||||
# Create mail directory and set permissions. See
|
||||
# <http://wiki2.dovecot.org/SharedMailboxes/Permissions>.
|
||||
# Prevent world-readable paths, even temporarily.
|
||||
umask 007
|
||||
mkdir -p ${directories}
|
||||
chgrp "${vmailGroupName}" ${directories}
|
||||
chmod 02770 ${directories}
|
||||
|
|
|
@ -34,6 +34,9 @@ let
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
# Prevent world-readable paths, even temporarily.
|
||||
umask 007
|
||||
|
||||
# Create directory to store user sieve scripts if it doesn't exist
|
||||
if (! test -d "${sieveDirectory}"); then
|
||||
mkdir "${sieveDirectory}"
|
||||
|
|
Loading…
Reference in New Issue