deis / workflow-cli

The CLI for Deis Workflow
http://deis.com
MIT License

fix(perms): user-only settings file perms #251

Closed jgmize closed 7 years ago

jgmize commented 7 years ago

Settings files contain auth tokens and should not be world-readable.

deis-bot commented 7 years ago

@Joshua-Anderson and @aboyett are potential reviewers of this pull request based on my analysis of git blame information. Thanks @jgmize!

codecov-io commented 7 years ago

Current coverage is 72.22% (diff: 50.00%)

Merging #251 into master will not change coverage

@@             master       #251   diff @@
==========================================
  Files            57         57          
  Lines          3903       3903          
  Methods           0          0          
  Messages          0          0          
  Branches          0          0          
==========================================
  Hits           2819       2819          
  Misses          776        776          
  Partials        308        308          

Powered by Codecov. Last update 8745328...ebda2a8

aboyett commented 7 years ago

Nice catch. LGTM

jgmize commented 7 years ago

Note that this PR only addresses the creation of new files and directories. As a followup I recommend adding an automated permissions fix for existing files & directories, or failing that, release notes instructing users of previous versions to fix the permissions manually (chmod 700 ~/.deis && chmod 600 ~/.deis/*.json or equivalent).
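An added example, not part of this thread or of the workflow-cli code base: one way the automated fix suggested in the comment above could look in Go. It assumes a POSIX system and the `~/.deis` layout named in that comment; `tightenSettings` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// tightenSettings strips group/other access from dir (-> 0700) and from each
// *.json file directly inside it (-> 0600), returning the paths it changed.
func tightenSettings(dir string) ([]string, error) {
	var changed []string
	fix := func(path string, want os.FileMode, wantDir bool) error {
		info, err := os.Lstat(path) // Lstat: inspect the entry itself, not a symlink target
		if err != nil {
			return err
		}
		if info.Mode()&os.ModeSymlink != 0 || info.IsDir() != wantDir || info.Mode().Perm()&0077 == 0 {
			return nil // symlink, unexpected entry type, or already user-only
		}
		if err := os.Chmod(path, want); err != nil {
			return err
		}
		changed = append(changed, path)
		return nil
	}
	if err := fix(dir, 0700, true); err != nil {
		return nil, err
	}
	files, err := filepath.Glob(filepath.Join(dir, "*.json"))
	if err != nil {
		return changed, err
	}
	for _, f := range files {
		if err := fix(f, 0600, false); err != nil {
			return changed, err
		}
	}
	return changed, nil
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	changed, err := tightenSettings(filepath.Join(home, ".deis"))
	fmt.Println("tightened:", changed, "error:", err)
}
```

Entries that already have no group or other bits are left untouched, so a second run reports nothing changed.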

Joshua-Anderson commented 7 years ago

A note to that point could pretty easily be added to release notes.

Joshua-Anderson commented 7 years ago

If anybody has the time, a second review on this would be nice. This is a moderately large problem and should be fixed ASAP.