Merge pull request #150 from hjjg/secretkeyfix

The secret key that encrypts the backups should not be world readable.
2026-03-15 17:37:22 +01:00 · 2014-08-24 17:21:38 -04:00
parent df20d447a9 90c7655d82
commit 28231ac248
2 changed files with 5 additions and 1 deletions
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -8,7 +8,7 @@ hide_output pip3 install rtyaml
 # Create a backup directory and a random key for encrypting backups.
 mkdir -p $STORAGE_ROOT/backup
 if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
-	openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt
+	$(umask 077; openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt)
 fi

 # Link the management server daemon into a well known location.