mirror of https://github.com/status-im/consul.git
cli: use file mode 0600 when saving a snapshot
So that other users on the machine can not access the snapshot data.
This commit is contained in:
parent
0166b0839c
commit
ff7f3a9737
|
@ -5,11 +5,12 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/rboyer/safeio"
|
||||
|
||||
"github.com/hashicorp/consul/api"
|
||||
"github.com/hashicorp/consul/command/flags"
|
||||
"github.com/hashicorp/consul/snapshot"
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/rboyer/safeio"
|
||||
)
|
||||
|
||||
func New(ui cli.Ui) *cmd {
|
||||
|
@ -71,7 +72,7 @@ func (c *cmd) Run(args []string) int {
|
|||
|
||||
// Save the file first.
|
||||
unverifiedFile := file + ".unverified"
|
||||
if _, err := safeio.WriteToFile(snap, unverifiedFile, 0666); err != nil {
|
||||
if _, err := safeio.WriteToFile(snap, unverifiedFile, 0600); err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error writing unverified snapshot file: %s", err))
|
||||
return 1
|
||||
}
|
||||
|
|
|
@ -94,6 +94,10 @@ func TestSnapshotSaveCommand(t *testing.T) {
|
|||
t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
|
||||
}
|
||||
|
||||
fi, err := os.Stat(file)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, fi.Mode(), os.FileMode(0600))
|
||||
|
||||
f, err := os.Open(file)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
|
|
Loading…
Reference in New Issue