The secret key that encrypts the backups should not be world readable.

2024-11-22 02:17:26 +00:00 · 2014-08-22 22:55:34 +02:00 · 2014-08-22 22:55:34 +02:00 · a68fd6429f
commit a68fd6429f
parent f7c7d5b9c3
1 changed files with 2 additions and 0 deletions
--- a/setup/management.sh
+++ b/setup/management.sh
@ -10,6 +10,8 @@ mkdir -p $STORAGE_ROOT/backup
 if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
 	openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt
 fi
+# The secret key to encrypt backups should not be world readable.
+chmod 0600 $STORAGE_ROOT/backup/secret_key.txt

 # Link the management server daemon into a well known location.
 rm -f /usr/local/bin/mailinabox-daemon