Skip to content

Commit

Permalink
fix: chmod config 0600 such that only the creating user can read
Browse files Browse the repository at this point in the history
  • Loading branch information
@garethgeorge
garethgeorge committed Jan 25, 2024
1 parent ee6134a commit ecff0e5
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions internal/config/jsonstore.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,7 @@ func (f *JsonFileStore) Get() (*v1.Config, error) {
}

var config v1.Config

if err = protojson.Unmarshal(data, &config); err != nil {
if err = (protojson.UnmarshalOptions{DiscardUnknown: true}).Unmarshal(data, &config); err != nil {
return nil, fmt.Errorf("failed to unmarshal config: %w", err)
}

Expand Down Expand Up @@ -72,5 +71,10 @@ func (f *JsonFileStore) Update(config *v1.Config) error {
return fmt.Errorf("failed to write config file: %w", err)
}

// only the user running backrest should be able to read the config.
if err := os.Chmod(f.Path, 0600); err != nil {
return fmt.Errorf("chmod(0600) config file: %w", err)
}

return nil
}

0 comments on commit ecff0e5

Please sign in to comment.