Make sure, .ssh directory and authorized_keys file are kept at correct permissions

author: Sebastian Jackel <sjackel@trustinternational.com> 2014-08-07 10:00:57 +0200
committer: Sebastian Jackel <sjackel@trustinternational.com> 2014-08-07 10:00:57 +0200
commit: be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2 (patch)
tree: da8596da1afe7c823652ce3a2c476959a3f54d0d /models/publickey.go
parent: 99eeb08419e63474b4e9d6581335f693d26c0e69 (diff)
download: gitea-be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2.tar.gz
gitea-be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/models/publickey.go b/models/publickey.go
index baf381778e..6e0494ef94 100644
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -69,7 +69,7 @@ func init() {
 
 	// Determine and create .ssh path.
 	SshPath = filepath.Join(homeDir(), ".ssh")
-	if err = os.MkdirAll(SshPath, os.ModePerm); err != nil {
+	if err = os.MkdirAll(SshPath, 0700); err != nil {
 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
 	}
 }
@@ -155,6 +155,15 @@ func saveAuthorizedKeyFile(key *PublicKey) error {
 	if err != nil {
 		return err
 	}
+	finfo, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if finfo.Mode().Perm() > 0600 {
+		log.Error("authorized_keys file has unusual permission flags: " + finfo.Mode().Perm() + " - setting to -rw-r--r--")
+		f.Chmod(0600)
+	}
+
 	defer f.Close()
 
 	_, err = f.WriteString(key.GetAuthorizedString())
author	Sebastian Jackel <sjackel@trustinternational.com>	2014-08-07 10:00:57 +0200
committer	Sebastian Jackel <sjackel@trustinternational.com>	2014-08-07 10:00:57 +0200
commit	be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2 (patch)
tree	da8596da1afe7c823652ce3a2c476959a3f54d0d /models/publickey.go
parent	99eeb08419e63474b4e9d6581335f693d26c0e69 (diff)
download	gitea-be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2.tar.gz gitea-be7ce72ebe6cddd49a2ffffaa3f136af9f2c72f2.zip