Make sure, .ssh directory and authorized_keys file are kept at correct permissions

diff --git a/models/publickey.go b/models/publickey.go
index baf381778e064be7ba4168ad963a3ea98816197d..6e0494ef94dcae0c00f780ce143fb91d73b6602d 100644 (file)
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -69,7 +69,7 @@ func init() {
 
        // Determine and create .ssh path.
        SshPath = filepath.Join(homeDir(), ".ssh")
-       if err = os.MkdirAll(SshPath, os.ModePerm); err != nil {
+       if err = os.MkdirAll(SshPath, 0700); err != nil {
                log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
        }
 }
@@ -155,6 +155,15 @@ func saveAuthorizedKeyFile(key *PublicKey) error {
        if err != nil {
                return err
        }
+       finfo, err := f.Stat()
+       if err != nil {
+               return err
+       }
+       if finfo.Mode().Perm() > 0600 {
+               log.Error("authorized_keys file has unusual permission flags: " + finfo.Mode().Perm() + " - setting to -rw-r--r--")
+               f.Chmod(0600)
+       }
+
        defer f.Close()
 
        _, err = f.WriteString(key.GetAuthorizedString())