- if (not os.path.exists(keyfile)):
- subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s'%(keyfile, keyfile), shell=True)
+ if not os.path.exists(keyfile):
+ subprocess.check_call(['openssl', 'genrsa', '-out', keyfile, '1024'],
+ preexec_fn=lambda: os.umask(0o027))
+ shutil.chown(keyfile, group='onionbalance')
+ os.chmod(keyfile, 0o640)