diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 21:01:12 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 21:32:01 +0100 |
| commit | c612a7ff44995f4f9c39fa0fb68470d90c88decf (patch) | |
| tree | 4b0a3fd2c44dbc25653a93b7ec692a003f0e133b /lacme | |
| parent | cdd025133a306cd8d3e81aa832ac056119d65f3a (diff) | |
lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions.
Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.
Diffstat (limited to 'lacme')
| -rwxr-xr-x | lacme | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -581,6 +581,7 @@ sub acme_client($@) { set_FD_CLOEXEC($client, 1); my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() { drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/'); + umask(0022) // die; set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client); seek($CONFFILE, SEEK_SET, 0) or die "seek: $!"; $ENV{DEBUG} = $OPTS{debug} // 0; |