Improve security of config files (#153)

2025-08-14 02:26:56 -07:00 · 2016-12-19 21:41:38 -08:00 · 2016-12-19 21:41:38 -08:00 · fdc24ff187
commit fdc24ff187
parent 440de0cfe5
1 changed files with 4 additions and 1 deletions
--- a/extras/installer.sh
+++ b/extras/installer.sh
@ -287,8 +287,11 @@ save_config() {
 	echo
 	echo -n "Writing configuration file '$2'... "

-	# make sure that new file is owned by root instead of owner of CONFIGTEMP
+	# most likely writing to /etc, so we need sudo
 	sudo tee "$2" > /dev/null < "$CONFIGTEMP"
+	sudo chmod 640 "$2"
+	# only root can modify the config, but the user can still read it
+	sudo chown 0:$(id -gn) "$2"
 	rm "$CONFIGTEMP"

 	echo "done"