From fdc24ff1870e85b44f5d51618742c0eb7db21ee8 Mon Sep 17 00:00:00 2001
From: Alex Malinovich
Date: Mon, 19 Dec 2016 21:41:38 -0800
Subject: [PATCH] Improve security of config files (#153)
---
 extras/installer.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/extras/installer.sh b/extras/installer.sh
index ca5a92c..5e4f43f 100755
--- a/extras/installer.sh
+++ b/extras/installer.sh
@@ -287,8 +287,11 @@ save_config() {
 echo
 echo -n "Writing configuration file '$2'... "
- # make sure that new file is owned by root instead of owner of CONFIGTEMP
+ # most likely writing to /etc, so we need sudo
 sudo tee "$2" > /dev/null < "$CONFIGTEMP"
+ sudo chmod 640 "$2"
+ # only root can modify the config, but the user can still read it
+ sudo chown 0:$(id -gn) "$2"
 rm "$CONFIGTEMP"
 echo "done"
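Review bot: The added `sudo chmod 640 "$2"` runs only after `sudo tee "$2"` has already written the content, so for a moment the config carries whatever mode the umask (or a pre-existing file) gives it, which is commonly world-readable. Setting mode and ownership when the file is created closes that window, for example by replacing the tee/chmod/chown trio with `sudo install -m 640 -o 0 -g "$(id -gn)" "$CONFIGTEMP" "$2"` (note that install replaces the target rather than writing through it). In the chown line `$(id -gn)` is unquoted, so a primary group name containing whitespace would split into separate arguments; `sudo chown 0:"$(id -gn)" "$2"` avoids that. Where the primary group is shared by several accounts, group-read exposes the file to all of them, which matters if the config holds credentials (not visible in this hunk). Neither chmod nor chown is checked, so "done" is printed even if they fail; save_config's body starts and ends outside the hunk.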