Permissions on state file (keyphrase) too open

getumbrel / umbrel-lightning

The official Lightning Node app for Umbrel, powered by LND.

https://umbrel.com

Other

15 stars 8 forks source link

Permissions on state file (keyphrase) too open #37

Open trekon1701 opened 2 years ago

trekon1701 commented 2 years ago

It appears that permissions on the file used to store the secret phrase to the wallet are too open, allowing access to anyone on a shared system. -rw-r--r-- 1 umbrel umbrel 390 Jun 7 21:21 app-data/lightning/data/lightning/state.json recommend setting them to 0600 to prevent leaks.

Umbrel version 0.5.0

tlindi commented 9 months ago

still the same version now 0.5.4 with full path now days: /home/umbrel/umbrel/app-data/lightning/data/lightning/state.json