From 0fc5a8e84829cb6b9778e0f3ecf9fd13c7e32f3e Mon Sep 17 00:00:00 2001
From: Joona Hoikkala <joohoi@users.noreply.github.com>
Date: Sun, 12 Aug 2018 20:06:54 +0300
Subject: [PATCH] Use umask 0077 across the process in order to have the
 created files readable only by the acme-dns user (#102)

---
 main.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/main.go b/main.go
index 1c217cd..2eb135a 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	stdlog "log"
 	"net/http"
 	"os"
+	"syscall"
 
 	"github.com/julienschmidt/httprouter"
 	"github.com/rs/cors"
@@ -15,6 +16,8 @@ import (
 )
 
 func main() {
+	// Created files are not world writable
+	syscall.Umask(0077)
 	// Read global config
 	var err error
 	if fileIsAccessible("/etc/acme-dns/config.cfg") {
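Review bot: The comment above the added `syscall.Umask(0077)` understates the mask: 0077 clears every group and other permission bit, so new files are owner-only for read as well as write, which is what the commit subject describes. A comment such as `// Restrict newly created files and directories to the owning user (no group/other access)` would match the behaviour. The mask only affects files created after this call, so any database, key or certificate files that already exist keep their current modes and would need a one-time chmod to get the same protection. `syscall.Umask` is only defined for Unix-like targets, so calling it unconditionally in main.go would break a Windows build, if that platform is supported; a build-tagged helper file would avoid that. The body of main continues outside this hunk.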
-- 
GitLab