dokku / dokku-redis

a redis plugin for dokku
MIT License
256 stars 39 forks

backup-auth creates files with insecure permission #194

Open znz opened 4 years ago

znz commented 4 years ago

dokku postgres:backup-auth creates world-readable files. I think AWS_SECRET_ACCESS_KEY should not be world-readable at least.

vagrant@dokku:~$ dokku postgres:backup-auth lolipop MINIO_ACCESS_KEY_ID MINIO_SECRET_ACCESS_KEY us-east-1 s3v4 https://YOURMINIOSERVICE
vagrant@dokku:~$ ls -al /var/lib/dokku/services/postgres/lolipop/backup/
total 28
drwxr-xr-x 2 dokku dokku 4096 Jun 13 09:49 .
drwxr-xr-x 4 dokku dokku 4096 Jun 13 09:49 ..
-rw-r--r-- 1 dokku dokku   20 Jun 13 09:49 AWS_ACCESS_KEY_ID
-rw-r--r-- 1 dokku dokku   10 Jun 13 09:49 AWS_DEFAULT_REGION
-rw-r--r-- 1 dokku dokku   24 Jun 13 09:49 AWS_SECRET_ACCESS_KEY
-rw-r--r-- 1 dokku dokku    5 Jun 13 09:49 AWS_SIGNATURE_VERSION
-rw-r--r-- 1 dokku dokku   25 Jun 13 09:49 ENDPOINT_URL
josegonzalez commented 4 years ago

What should be the correct permissions on these files?

Schlepptop commented 4 years ago

This should be resolved by https://github.com/dokku/dokku-postgres/pull/206

tribela commented 2 years ago

This should be resolved by dokku/dokku-postgres#206

At least 640. o-rw
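
An added example, not the plugin's own code or the change in the linked pull request: a bash sketch of how credential files like the ones in the listing above can be written without ever being world-readable, audited for access by "other", and tightened in place along the lines of the "o-rw" suggestion in the thread. The function names `write_secret`, `audit_secrets` and `fix_secrets` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: function names are hypothetical, not taken from the plugin.

# Write one credential file so that it is never world-readable, even briefly.
# mktemp creates the temp file with mode 0600; the rename then replaces any
# older copy, so a pre-existing 0644 file does not keep its loose mode
# (a plain "> file" redirect would truncate it and leave the mode unchanged).
write_secret() {
  local dir="$1" name="$2" value="$3"
  (
    umask 077                      # new directories become 0700
    mkdir -p "$dir"
    tmp="$(mktemp "$dir/.$name.XXXXXX")" || exit 1
    printf '%s' "$value" > "$tmp"
    mv -f "$tmp" "$dir/$name"
  )
}

# List regular files under a directory that grant any permission bit to
# "other". Prints one path per line; returns 1 if any were found, 0 if clean.
audit_secrets() {
  local dir="$1" found
  found="$(find "$dir" -type f \
    \( -perm -004 -o -perm -002 -o -perm -001 \) -print)"
  if [ -z "$found" ]; then
    return 0
  fi
  printf '%s\n' "$found"
  return 1
}

# Remediate files that already exist: remove all access for "other",
# leaving the owner and group bits as they were (0644 becomes 0640).
fix_secrets() {
  local dir="$1"
  find "$dir" -type f -exec chmod o-rwx {} +
}

# Stand-alone use: pass a service backup directory to audit it.
if [ "$#" -eq 1 ]; then
  audit_secrets "$1"
fi
```

Credentials that were readable by other local accounts before the permissions were tightened may already have been copied, so rotating them is a separate step from fixing the mode.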