From a68fd6429f8c97627c6d69ca8ff750ad753347c3 Mon Sep 17 00:00:00 2001
From: Helmuth Gronewold <github@dlowen.org>
Date: Fri, 22 Aug 2014 22:55:34 +0200
Subject: [PATCH] The secret key that encrypts the backups should not be world
 readable.

---
 setup/management.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/setup/management.sh b/setup/management.sh
index b793b990..e8220609 100755
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -10,6 +10,8 @@ mkdir -p $STORAGE_ROOT/backup
 if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
 	openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt
 fi
+# The secret key to encrypt backups should not be world readable.
+chmod 0600 $STORAGE_ROOT/backup/secret_key.txt
 
 # Link the management server daemon into a well known location.
 rm -f /usr/local/bin/mailinabox-daemon