- **status**: review --> closed
--- ** [tickets:#8127] Fix how we write the .google_authenticator file** **Status:** closed **Milestone:** unreleased **Labels:** security **Created:** Fri Sep 09, 2016 07:29 PM UTC by Dave Brondsema **Last Updated:** Thu Sep 15, 2016 02:22 PM UTC **Owner:** Dave Brondsema The google authenticator PAM module will write the `.google_authenticator` files with permission `400 (-r--------)` and then Allura can't write to it. We also need to write it with `400` or `600` perms, so it is secure for PAM to use it afterwards. And best to do it atomically, with a file rename operation. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
