projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Make sure onionbalance private keys are group-readable
[mirror/dsa-puppet.git] / modules / onion / files / create-onionbalance-config
diff --git a/modules/onion/files/create-onionbalance-config b/modules/onion/files/create-onionbalance-config
index 90e2ed7..5903a74 100755 (executable)
--- a/modules/onion/files/create-onionbalance-config
+++ b/modules/onion/files/create-onionbalance-config
@@ -71,7 +71,7 @@ for s in service_instances:
   keyfile = os.path.join(keydir, s+'.key')
   relkeyfile = os.path.join(relkeydir, s+'.key')
   if (not os.path.exists(keyfile)):
-    subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s'%(keyfile, keyfile), shell=True)
+    subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s && chmod 0640 %s'%(keyfile, keyfile, keyfile), shell=True)
 
   service = {
     'key': relkeyfile,
Unnamed repository; edit this file 'description' to name the repository.