sunshine is the best disinfectant
sunshine
reveals paths with anomalous file permissions.
File permissions play a critical role in software applications, from security to basic functionality. For example, SSH may reject authentication attempts when the keys have incorrect permissions.
Unfortunately, many software systems have neither the correct file permissions applied, nor useful error handling code to help users quickly diagnose the issue. That's where sunshine comes up.
sunshine is an automated program for recursively scanning files and directories for unidiomatic permission settings.
$ cd examples
$ sunshine
.ssh/id_test: expected chmod 0600, got 0644
See -help
for more detail.
https://pkg.go.dev/github.com/mcandre/sunshine
https://github.com/mcandre/sunshine/releases
$ go install github.com/mcandre/sunshine/cmd/sunshine@latest
BSD-2-Clause
(None)
For more information on developing tug itself, see DEVELOPMENT.md.
sunshine follows classical UNIX CLI conventions: Basic exit codes, and no output except in case of an issue.
By default, sunshine analyzes the current working directory tree. To analyze specific paths, list some files and/or directories explicitly.
To scan the example SSH keys:
$ sunshine .ssh/id_test .ssh/id_test.pub
.ssh/id_test: expected chmod 0600, got 0644
To scan your live SSH directory tree:
$ sunshine ~/.ssh
Some paths may not be fully visible to the user account running sunshine. To check for paths missing chmod u+r or u+x (directories) or paths missing chmod u+r (files), run sunshine with root privileges:
$ sudo sunshine
sunshine is most effective for analyzing local file systems, dynamic applications, traditional network file storage directory trees such as rsync / FTP, and server / VM environments. Maxmimum security is achieved by deploying only the bare minimum files necessary for service, using chmod 0500 for directories and chmod 0400 for files, on read-only file system mounts. When access is needed by multiple users, apply the a UNIX group policy. Keep credentials and other sensitive data out of base application directory trees.
For safety and security, we recommend static assets rather than dynamic applications, such as deploying Web packs to a CDN. CDN bucket-wide permissions are ideally managed via reusable, scalable role policies, which are easier to apply and validate than individual file/object permissions. And don't make a CDN bucket world-readable without cause.
Dynamic applications can be compiled as static executables (chmod 0500) and installed into FROM scratch
Docker containers, with immutable file systems. sunshine may prove useful for underlying hypervisor and Kubernetes node environments, where traditional server security must still be maintained.
Classical SSH access can be disabled entirely in favor of cloud console access (VM's), or in favor of kubectl exec
access (Kubernetes pods).
brew doctor
command