summaryrefslogtreecommitdiff
path: root/server/upgrade
diff options
context:
space:
mode:
Diffstat (limited to 'server/upgrade')
-rw-r--r--server/upgrade/upgrade_config.py13
1 files changed, 12 insertions, 1 deletions
diff --git a/server/upgrade/upgrade_config.py b/server/upgrade/upgrade_config.py
index 412fad53..87e3990d 100644
--- a/server/upgrade/upgrade_config.py
+++ b/server/upgrade/upgrade_config.py
@@ -20,6 +20,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
import sys
import shutil
import traceback
@@ -91,6 +92,9 @@ class SSSDConfigFile(object):
" Copy the file we operate on to a backup location "
shutil.copy(self.file_name, self.file_name+".bak")
+ # make sure we don't leak data, force permissions on the backup
+ os.chmod(self.file_name+".bak", 0600)
+
def _migrate_if_exists(self, to_section, to_option, from_section, from_option):
"""
Move value of parameter from one section to another, renaming the parameter
@@ -281,8 +285,12 @@ class SSSDConfigFile(object):
# Migrate domains
self._migrate_domains()
- # all done, write the file
+ # all done, open the file for writing
of = open(out_file_name, "wb")
+
+ # make sure it has the right permissions too
+ os.chmod(out_file_name, 0600)
+
self._new_config.write(of)
def parse_options():
@@ -337,6 +345,9 @@ def main():
print >>sys.stderr, "Can only upgrade from v1 to v2, file %s looks like version %d" % (options.filename, config.get_version())
return 1
+ # make sure we keep strict settings when creating new files
+ os.umask(0077)
+
try:
config.upgrade_v2(options.outfile, options.backup)
except Exception, e: