Fix file permissions for developer key and auth cookie (#3024)

* fix permissions * include read for group
2026-03-26 02:11:53 +00:00 · 2025-09-16 17:09:33 +02:00
parent 68414678d8
commit 1d331d7810
2 changed files with 2 additions and 2 deletions
--- a/core/startos/src/developer/mod.rs
+++ b/core/startos/src/developer/mod.rs
@@ -31,7 +31,7 @@ pub async fn write_developer_key(
        secret_key: secret.to_bytes(),
        public_key: Some(PublicKeyBytes(VerifyingKey::from(secret).to_bytes())),
    };
-    let mut file = create_file_mod(path, 0o046).await?;
+    let mut file = create_file_mod(path, 0o640).await?;
    file.write_all(
        keypair_bytes
            .to_pkcs8_pem(base64ct::LineEnding::default())
--- a/core/startos/src/middleware/auth.rs
+++ b/core/startos/src/middleware/auth.rs
@@ -43,7 +43,7 @@ pub trait AuthContext: SignatureAuthContext {
    const LOCAL_AUTH_COOKIE_OWNERSHIP: &str;
    fn init_auth_cookie() -> impl Future<Output = Result<(), Error>> + Send {
        async {
-            let mut file = create_file_mod(Self::LOCAL_AUTH_COOKIE_PATH, 0o046).await?;
+            let mut file = create_file_mod(Self::LOCAL_AUTH_COOKIE_PATH, 0o640).await?;
            file.write_all(BASE64.encode(random::<[u8; 32]>()).as_bytes())
                .await?;
            file.sync_all().await?;