Create and set permissions of files atomically
Creating a file with touch and then setting its permissions with chmod is not safe: between the two commands the file exists with the default umask mode, and an unprivileged user could open it in that window. See https://github.com/NixOS/nixpkgs/pull/60138#discussion_r623971755.
parent
fb34a0834c
commit
698fc0c6d3
1 changed files with 2 additions and 5 deletions
7
secrets
7
secrets
|
|
@ -91,16 +91,13 @@ echo "!*data" >&2
|
|||
|
||||
read basedir
|
||||
if test ! -d "$basedir"; then
|
||||
mkdir "$basedir"
|
||||
chown root:root "$basedir"
|
||||
chmod 755 "$basedir"
|
||||
install -o root -g root -m 755 -d "$basedir"
|
||||
fi
|
||||
rm -rf "$basedir"/*
|
||||
|
||||
while read name; do
|
||||
fullpath="$basedir/$name"
|
||||
touch "$fullpath"
|
||||
chmod 600 "$fullpath"
|
||||
install -o root -g root -m 600 /dev/null "$fullpath"
|
||||
read size
|
||||
head --bytes="$size" - > "$fullpath"
|
||||
read owner
|
||||
|
|
|
|||
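Review bot: The new `install -o root -g root -m 755 -d "$basedir"` is still guarded by `if test ! -d "$basedir"`, so a directory that already exists keeps whatever owner and mode it had, and the secrets are then created inside it with `install -o root -g root -m 600 /dev/null "$fullpath"` and overwritten by `head --bytes="$size" - > "$fullpath"`; GNU `install -d` applies `-o/-g/-m` to an existing directory as well (worth confirming for the coreutils in use), so the guard can be dropped and the `install -d` run unconditionally to re-assert root:root 755. The following `rm -rf "$basedir"/*` has no protection against an empty `basedir` (a blank line from `read basedir` turns it into `rm -rf /*`); `rm -rf -- "${basedir:?}"/*` aborts instead. The `while read name` loop continues past the end of the hunk.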