Use 0600 for profile defaults file.

This commit is contained in:
max furman 2021-11-15 10:20:10 -08:00
parent 507be61e8c
commit d37313bef4

View file

@ -959,9 +959,12 @@ func (p *PKI) Save(opt ...ConfigOption) error {
if err = fileutil.WriteFile(p.defaults, b, 0644); err != nil { if err = fileutil.WriteFile(p.defaults, b, 0644); err != nil {
return errs.FileError(err, p.defaults) return errs.FileError(err, p.defaults)
} }
// If we're using contexts then write a blank object to the defualt profile
// configuration location.
if p.profileDefaults != "" { if p.profileDefaults != "" {
if _, err := os.Stat(p.profileDefaults); os.IsNotExist(err) { if _, err := os.Stat(p.profileDefaults); os.IsNotExist(err) {
if err = fileutil.WriteFile(p.profileDefaults, []byte("{}"), 0644); err != nil { // Write with 0600 to be consistent with directories structure.
if err = fileutil.WriteFile(p.profileDefaults, []byte("{}"), 0600); err != nil {
return errs.FileError(err, p.profileDefaults) return errs.FileError(err, p.profileDefaults)
} }
} else if err != nil { } else if err != nil {