Tighten permissions on challenge files and directories

This commit is contained in:
Stuart 2016-09-04 04:06:18 -04:00
parent 160cb3b6e8
commit d5799a1f37

View file

@ -33,12 +33,12 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
var err error var err error
challengeFilePath := path.Join(w.path, acme.HTTP01ChallengePath(token)) challengeFilePath := path.Join(w.path, acme.HTTP01ChallengePath(token))
err = os.MkdirAll(path.Dir(challengeFilePath), 0777) err = os.MkdirAll(path.Dir(challengeFilePath), 0755)
if err != nil { if err != nil {
return fmt.Errorf("Could not create required directories in webroot for HTTP challenge -> %v", err) return fmt.Errorf("Could not create required directories in webroot for HTTP challenge -> %v", err)
} }
err = ioutil.WriteFile(challengeFilePath, []byte(keyAuth), 0777) err = ioutil.WriteFile(challengeFilePath, []byte(keyAuth), 0644)
if err != nil { if err != nil {
return fmt.Errorf("Could not write file in webroot for HTTP challenge -> %v", err) return fmt.Errorf("Could not write file in webroot for HTTP challenge -> %v", err)
} }