Limit the permissions for the the configuration file on its creation

maxlath / wikibase-cli

read and edit a Wikibase instance from the command line

MIT License

227 stars 24 forks source link

Limit the permissions for the the configuration file on its creation #152

Closed merkys closed 2 years ago

merkys commented 2 years ago

I am using wikibase-cli v15.15.1. I have chosen to store the plaintext password in a configuration file. To limit the accessibility for the configuration file I have manually changed its permissions to 600. It would be nice to have these permissions set by default upon creation in order not to accidentally leak passwords. This issue is related to #45 and implementing it would slightly lower #45's impact.

maxlath commented 2 years ago

Indeed! Done in d526bf7 and published in v15.15.4: new config files will be created in 600 mode; old config files could have their mode fixed with chmod 600 $(wb config path)

merkys commented 2 years ago

Great, thanks a lot! I believe default mode of 600 is generally very sensible here.