From a10e80318fe056312d9270c5f873bbe7f06a95cd Mon Sep 17 00:00:00 2001
From: Thibaut Broggi
Date: Thu, 26 May 2016 15:59:40 +0200
Subject: [PATCH 1/2] atomicWrite function now preserve file permissions
---
 src/util/helper.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/util/helper.py b/src/util/helper.py
index 2bdcb1b5..c46a9042 100644
--- a/src/util/helper.py
+++ b/src/util/helper.py
@@ -1,4 +1,5 @@
 import os
+import stat
 import socket
 import struct
 import re
@@ -10,6 +11,7 @@ import base64
 def atomicWrite(dest, content, mode="w"):
 try:
+ permissions = stat.S_IMODE(os.lstat(dest).st_mode)
 with open(dest + "-new", mode) as f:
 f.write(content)
 f.flush()
@@ -18,6 +20,7 @@ def atomicWrite(dest, content, mode="w"):
 os.rename(dest + "-old", dest + "-old-%s" % time.time())
 os.rename(dest, dest + "-old")
 os.rename(dest + "-new", dest)
+ os.chmod(dest, permissions)
 os.unlink(dest + "-old")
 return True
 except Exception, err:
From 9e9832ad09925de575e79a85f5cc555a1ea51a33 Mon Sep 17 00:00:00 2001
From: Thibaut Broggi
Date: Thu, 26 May 2016 16:00:14 +0200
Subject: [PATCH 2/2] Set permission to 600 for some files Files users.json and sites.json contains private key Only the owner of these files should have access to them
---
 src/main.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/main.py b/src/main.py
index c9bb1a9c..790c5d77 100644
--- a/src/main.py
+++ b/src/main.py
@@ -1,6 +1,7 @@
 # Included modules
 import os
 import sys
+import stat
 import time
 import logging
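Review bot: In atomicWrite, the added `os.lstat(dest)` returns the mode of the link itself when dest is a symlink, which on Linux is typically 0777, and the later `os.chmod(dest, permissions)` would then apply that wide mode to the regular file that has just been renamed into place. `os.stat(dest)` follows the link and yields the mode of the file actually being replaced: `permissions = stat.S_IMODE(os.stat(dest).st_mode)`. The body of the except handler lies outside the hunk, so how a failed stat call is reported to the caller is not visible here.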
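Review bot: The `os.chmod(dest, permissions)` added after `os.rename(dest + "-new", dest)` leaves a window in which the new content sits first at dest + "-new" and then at dest with whatever mode the process umask produced, which matters for the key-bearing files the second patch restricts to 600. Applying the saved mode to the temporary file before any content is written closes that window: inside the `with` block put `os.chmod(dest + "-new", permissions)` ahead of `f.write(content)` and drop the chmod after the rename. As written, a chmod failure after the rename also means the write has landed while the except branch, which lies outside this hunk, presumably reports failure.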
@@ -33,8 +34,10 @@ if not os.path.isdir(config.data_dir):
 os.mkdir(config.data_dir)
 if not os.path.isfile("%s/sites.json" % config.data_dir):
 open("%s/sites.json" % config.data_dir, "w").write("{}")
+ os.chmod("%s/sites.json" % config.data_dir, stat.S_IRUSR | stat.S_IWUSR)
 if not os.path.isfile("%s/users.json" % config.data_dir):
 open("%s/users.json" % config.data_dir, "w").write("{}")
+ os.chmod("%s/users.json" % config.data_dir, stat.S_IRUSR | stat.S_IWUSR)
 # Setup logging
 if config.action == "main":
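Review bot: Both `os.chmod(..., stat.S_IRUSR | stat.S_IWUSR)` calls appear to sit inside the `if not os.path.isfile(...)` branches, so only newly created files get mode 600. A sites.json or users.json left by an earlier run keeps its old mode, and the first patch's atomicWrite then preserves that mode on every rewrite. Running the chmod unconditionally after the creation checks would cover existing installs, e.g. `for name in ("sites.json", "users.json"): os.chmod("%s/%s" % (config.data_dir, name), stat.S_IRUSR | stat.S_IWUSR)`. The file is created with the umask default and narrowed afterwards, but at that point it holds only `{}`.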