diff options
Diffstat (limited to 'server/upgrade')
-rw-r--r-- | server/upgrade/upgrade_config.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/server/upgrade/upgrade_config.py b/server/upgrade/upgrade_config.py index 412fad53..87e3990d 100644 --- a/server/upgrade/upgrade_config.py +++ b/server/upgrade/upgrade_config.py @@ -20,6 +20,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import sys import shutil import traceback @@ -91,6 +92,9 @@ class SSSDConfigFile(object): " Copy the file we operate on to a backup location " shutil.copy(self.file_name, self.file_name+".bak") + # make sure we don't leak data, force permissions on the backup + os.chmod(self.file_name+".bak", 0600) + def _migrate_if_exists(self, to_section, to_option, from_section, from_option): """ Move value of parameter from one section to another, renaming the parameter @@ -281,8 +285,12 @@ class SSSDConfigFile(object): # Migrate domains self._migrate_domains() - # all done, write the file + # all done, open the file for writing of = open(out_file_name, "wb") + + # make sure it has the right permissions too + os.chmod(out_file_name, 0600) + self._new_config.write(of) def parse_options(): @@ -337,6 +345,9 @@ def main(): print >>sys.stderr, "Can only upgrade from v1 to v2, file %s looks like version %d" % (options.filename, config.get_version()) return 1 + # make sure we keep strict settings when creating new files + os.umask(0077) + try: config.upgrade_v2(options.outfile, options.backup) except Exception, e: |