[x509] VPN client files should be created with 0600 permissions by default.

openwisp / django-netjsonconfig

Configuration manager for embedded devices, implemented as a reusable django-app

http://openwisp.org

Other

194 stars 60 forks source link

[x509] VPN client files should be created with 0600 permissions by default. #169

Closed nemesifier closed 4 years ago

nemesifier commented 4 years ago

VPN client files (ca, cert, key) should be created with 0600 permissions by default.

pandafy commented 4 years ago

Working on this!

pandafy commented 4 years ago

@nemesisdesign, it is kinda hardcoded in netjsonconfig. One way can be to make DEFAULT_FILE_MODE a class variable, whose value is updated from schema.

nemesifier commented 4 years ago

@TheOneAboveAllTitan thanks for the analysis, I think this is the way to go: https://github.com/openwisp/netjsonconfig/issues/147#issuecomment-602113886

The problem is downstream. The test in this module will need to be updated like you did in https://github.com/TheOneAboveAllTitan/django-netjsonconfig/commit/7bb6c8177622b923d586797daa358660f9753cb1.

nemesifier commented 4 years ago

So now that https://github.com/openwisp/netjsonconfig/pull/148 is merged, here it remains pending to verify that the fix works when used via the admin and then we can close this as well.