chmod to secret certificate file to 0600

2007-01-25 23:14:08 +00:00 · 2007-01-25 23:14:08 +00:00 · 772d617b73
parent 2ecc20e905
commit 772d617b73
1 changed files with 7 additions and 0 deletions
--- a/plugins/encrypted_webinterface/encrypted_webinterface.py
+++ b/plugins/encrypted_webinterface/encrypted_webinterface.py
@ -125,6 +125,13 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
 					self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
 					self.cbox.log.info("Created new SSL certificate: %s" % \
 							cert_abs_name)
+					## make it non-readable for other users
+					try:
+						os.chmod(cert_abs_name, 0600)
+					except OSError, err_msg:
+						self.cbox.log.warn("Failed to change permissions of secret " \
+								+ "certificate file (%s): %s" % \
+								(cert_abs_name, err_msg))
 				except IOError, err_msg:
 					## do not run stunnel without a certificate
 					self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \