Fix user file permissions on create (#4507)
User files contain secrets and should be protected. Chances are that the user folder can be protected as well, so let's do that if TL is creating the folder.
This commit is contained in:
parent
815319810c
commit
d7bba325a7
@ -173,7 +173,9 @@ ClientManager.prototype.addUser = function (name, password, enableLog) {
|
||||
};
|
||||
|
||||
try {
|
||||
fs.writeFileSync(userPath, JSON.stringify(user, null, "\t"));
|
||||
fs.writeFileSync(userPath, JSON.stringify(user, null, "\t"), {
|
||||
mode: 0o600,
|
||||
});
|
||||
} catch (e) {
|
||||
log.error(`Failed to create user ${colors.green(name)} (${e})`);
|
||||
throw e;
|
||||
@ -235,7 +237,9 @@ ClientManager.prototype.saveUser = function (client, callback) {
|
||||
try {
|
||||
// Write to a temp file first, in case the write fails
|
||||
// we do not lose the original file (for example when disk is full)
|
||||
fs.writeFileSync(pathTemp, newUser);
|
||||
fs.writeFileSync(pathTemp, newUser, {
|
||||
mode: 0o600,
|
||||
});
|
||||
fs.renameSync(pathTemp, pathReal);
|
||||
|
||||
return callback ? callback() : true;
|
||||
|
@ -31,5 +31,5 @@ function initalizeConfig() {
|
||||
log.info(`Configuration file created at ${colors.green(Helper.getConfigPath())}.`);
|
||||
}
|
||||
|
||||
fs.mkdirSync(Helper.getUsersPath(), {recursive: true});
|
||||
fs.mkdirSync(Helper.getUsersPath(), {recursive: true, mode: 0o700});
|
||||
}
|
||||
|
@ -63,7 +63,9 @@ function change(name, password) {
|
||||
|
||||
// Write to a temp file first, in case the write fails
|
||||
// we do not lose the original file (for example when disk is full)
|
||||
fs.writeFileSync(pathTemp, newUser);
|
||||
fs.writeFileSync(pathTemp, newUser, {
|
||||
mode: 0o600,
|
||||
});
|
||||
fs.renameSync(pathTemp, pathReal);
|
||||
|
||||
log.info(`Successfully reset password for ${colors.bold(name)}.`);
|
||||
|
Loading…
Reference in New Issue
Block a user