From d5799a1f376537ca755bb4fa0364b6e34ed4f08f Mon Sep 17 00:00:00 2001
From: Stuart <kd5pbo@gmail.com>
Date: Sun, 4 Sep 2016 04:06:18 -0400
Subject: [PATCH] Tighten permissions on challenge files and directories

---
 providers/http/webroot/webroot.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/http/webroot/webroot.go b/providers/http/webroot/webroot.go
index d331c991..4bf211f3 100644
--- a/providers/http/webroot/webroot.go
+++ b/providers/http/webroot/webroot.go
@@ -33,12 +33,12 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
 	var err error
 
 	challengeFilePath := path.Join(w.path, acme.HTTP01ChallengePath(token))
-	err = os.MkdirAll(path.Dir(challengeFilePath), 0777)
+	err = os.MkdirAll(path.Dir(challengeFilePath), 0755)
 	if err != nil {
 		return fmt.Errorf("Could not create required directories in webroot for HTTP challenge -> %v", err)
 	}
 
-	err = ioutil.WriteFile(challengeFilePath, []byte(keyAuth), 0777)
+	err = ioutil.WriteFile(challengeFilePath, []byte(keyAuth), 0644)
 	if err != nil {
 		return fmt.Errorf("Could not write file in webroot for HTTP challenge -> %v", err)
 	}