Make app.ini more restrictive on new installations (#16266)

Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
author: Steven <61625851+justusbunsi@users.noreply.github.com> 2021-06-27 12:07:36 +0200
committer: GitHub <noreply@github.com> 2021-06-27 11:07:36 +0100
commit: f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6 (patch)
tree: a0ab8b472be2ed0cc5f82f8850d75710cdc8ebea /modules/setting/setting.go
parent: 35f37a3625476fe5426c35e30e409550054c2d46 (diff)
download: gitea-f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6.tar.gz
gitea-f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index ca18f8f5ba..de167e288a 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -1159,6 +1159,19 @@ func CreateOrAppendToCustomConf(callback func(cfg *ini.File)) {
 	if err := cfg.SaveTo(CustomConf); err != nil {
 		log.Fatal("error saving to custom config: %v", err)
 	}
+
+	// Change permissions to be more restrictive
+	fi, err := os.Stat(CustomConf)
+	if err != nil {
+		log.Error("Failed to determine current conf file permissions: %v", err)
+		return
+	}
+
+	if fi.Mode().Perm() > 0o600 {
+		if err = os.Chmod(CustomConf, 0o600); err != nil {
+			log.Warn("Failed changing conf file permissions to -rw-------. Consider changing them manually.")
+		}
+	}
 }
 
 // NewServices initializes the services
author	Steven <61625851+justusbunsi@users.noreply.github.com>	2021-06-27 12:07:36 +0200
committer	GitHub <noreply@github.com>	2021-06-27 11:07:36 +0100
commit	f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6 (patch)
tree	a0ab8b472be2ed0cc5f82f8850d75710cdc8ebea /modules/setting/setting.go
parent	35f37a3625476fe5426c35e30e409550054c2d46 (diff)
download	gitea-f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6.tar.gz gitea-f533b5d5cf5178adf7f8f968cd7ded45c00ad9e6.zip