Use umask 0077 across the process in order to have the created files readable...

Use umask 0077 across the process in order to have the created files readable only by the acme-dns user (#102)

Use umask 0077 across the process in order to have the created files readable...
0fc5a8e8 · Joona Hoikkala · GitHub · ec013c0f · 0fc5a8e8
Unverified Commit 0fc5a8e8 authored 6 years ago by Joona Hoikkala Committed by GitHub 6 years ago
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	stdlog "log"
 	"net/http"
 	"os"
+	"syscall"

 	"github.com/julienschmidt/httprouter"
 	"github.com/rs/cors"
@@ -15,6 +16,8 @@ import (
 )

 func main() {
+	// Created files are not world writable
+	syscall.Umask(0077)
 	// Read global config
 	var err error
 	if fileIsAccessible("/etc/acme-dns/config.cfg") {