Date: Mon, 29 Mar 2021 14:00:29 +0200
From: Wolfgang Bumiller
To: Stoiko Ivanov
Cc: pmg-devel@lists.proxmox.com
Message-ID: <20210329120029.2dq5dah6zfrkkas3@wobu-vie.proxmox.com>
References: <20210329111837.8469-1-s.ivanov@proxmox.com>
In-Reply-To: <20210329111837.8469-1-s.ivanov@proxmox.com>
Subject: [pmg-devel] applied: [PATCH pmg-rs] account: create account files with 0600 permissions
List-Id: Proxmox Mail Gateway development discussion

applied, thanks

On Mon, Mar 29, 2021 at 01:18:37PM +0200, Stoiko Ivanov wrote:
> Signed-off-by: Stoiko Ivanov > --- > quickly tested on my setup - files get created correctly > > src/acme.rs | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/src/acme.rs b/src/acme.rs > index ef6f4e7..4c8e5df 100644 > --- a/src/acme.rs > +++ b/src/acme.rs > @@ -3,6 +3,8 @@ > //! The functions in here are perl bindings. > > use std::io::{self, Write}; > +use std::fs::OpenOptions; > +use std::os::unix::fs::OpenOptionsExt; > > use anyhow::{format_err, Error}; > use serde::{Deserialize, Serialize}; > @@ -85,7 +87,9 @@ impl Inner { > }; > > let _account = self.client.new_account(contact, tos_agreed, rsa_bits)?; > - let file = std::fs::File::create(&account_path) > + let mut options = OpenOptions::new(); > + options.write(true).create(true).mode(0o600); > + let file = options.open(&account_path) > .map_err(|err| format_err!("failed to open {:?} for writing: {}", account_path, err))?; > self.write_to(file).map_err(|err| { > format_err!( 
> @@ -137,7 +141,9 @@ impl Inner { > > let tmp_path = format!("{}.tmp", account_path); > // FIXME: move proxmox::tools::replace_file & make_temp out into a nice *little* crate... > - let mut file = std::fs::File::create(&tmp_path) > + let mut options = OpenOptions::new(); > + options.write(true).create(true).mode(0o600); > + let mut file = options.open(&tmp_path) > .map_err(|err| format_err!("failed to open {:?} for writing: {}", tmp_path, err))?; > self.write_to(&mut file).map_err(|err| { > format_err!("failed to write acme account to {:?}: {}", tmp_path, err) > -- > 2.20.1
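Review bot: In the hunk at @@ -85,7 +87,9 @@, the replacement for `std::fs::File::create(&account_path)` loses truncation and does not tighten an existing file. `File::create` opens with write, create and truncate, while `options.write(true).create(true).mode(0o600)` has no `truncate(true)`, and `mode()` only applies when the open actually creates the file. If `account_path` already exists, it keeps its previous permission bits and any bytes past the newly written length. Since this path writes a freshly registered account, `create_new(true)` would make the open fail on a pre-existing file instead of silently reusing it; otherwise add `.truncate(true)` and set the permissions explicitly on the opened file.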
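Review bot: In the hunk at @@ -137,7 +141,9 @@, opening `tmp_path` with `create(true)` but without `truncate(true)` reuses a leftover `{}.tmp` file from an earlier interrupted write. In that case `mode(0o600)` is ignored, so the file keeps whatever mode the old `File::create` call gave it, and if the old content was longer than the new serialization, trailing bytes survive in the temp file after `write_to`. Suggest removing a stale temp file and opening with `create_new(true)`, or adding `.truncate(true)` together with an explicit permission reset on the handle. The same three-line `OpenOptions` sequence now appears at both call sites; a small private helper would keep them in sync until the `replace_file` move mentioned in the FIXME happens.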