From 9cfcc08434d4d4d09200945c8de67cf81d34861d Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Wed, 29 Nov 2017 16:12:33 +0530 Subject: [PATCH] shadowsocks: Create a config with stricter permissions So that the server password is not read by other users on the system. Signed-off-by: Sunil Mohan Adapa --- actions/shadowsocks | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/actions/shadowsocks b/actions/shadowsocks index bfbb8e67a..ba836124f 100755 --- a/actions/shadowsocks +++ b/actions/shadowsocks @@ -22,6 +22,7 @@ Helper script for configuring Shadowsocks. import argparse import json +import os import sys from plinth import action_utils @@ -79,7 +80,11 @@ def subcommand_merge_config(arguments): new_config.update(config) new_config = json.dumps(new_config, indent=4, sort_keys=True) - open(SHADOWSOCKS_CONFIG, 'w').write(new_config) + old_umask = os.umask(0o027) + try: + open(SHADOWSOCKS_CONFIG, 'w').write(new_config) + finally: + os.umask(old_umask) action_utils.service_reload(shadowsocks.managed_services[0])