Sam Corbett created BROOKLYN-46:
-----------------------------------

             Summary: Files created by persistence mechanism should not be readable by other users
                 Key: BROOKLYN-46
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-46
             Project: Brooklyn
          Issue Type: Bug
            Reporter: Sam Corbett


Originally reported at: https://github.com/brooklyncentral/brooklyn/issues/1240

Files containing persisted state have permissions 644. Files containing 
persisted locations contain private key data. Other users should not be able to 
read this data. We should follow ssh's practice and restrict access to the user 
that owns the private key.

{code}
$ su otheruser
$ ls -l /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations
total 112
-rw-r--r--  1 sam  staff  2319 10 Mar 10:38 BhIXCfBt
-rw-r--r--  1 sam  staff  2317 10 Mar 10:38 FktCwLnX
...
$ cat /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations/BhIXCfBt 
<location>
  <brooklynVersion>0.7.0-SNAPSHOT</brooklynVersion>
  <type>brooklyn.location.basic.SshMachineLocation</type>
  <id>BhIXCfBt</id>
  <displayName>SshMachineLocation:BhIX</displayName>
  <children/>
  <locationConfig>
    <longitude type="double">-77.48750305175781</longitude>
    <port type="int">22</port>
    <latitude type="double">39.043701171875</latitude>
    <user>sam</user>
    <privateKeyData>-----BEGIN RSA PRIVATE KEY-----
    ... :-(
{code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)
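
One way to check for and correct the exposure described in this issue, as an added example that is not Brooklyn's code and not part of the original report. The function names are hypothetical and the directory to inspect is passed in by the caller; it covers directories as well as files, which goes slightly beyond the 644 files shown above.

```shell
#!/bin/sh
# Added example, not Brooklyn code. Function names are hypothetical.

# Print every file or directory under $1 that grants any permission bit to
# group or other (mode & 077 != 0). POSIX find only: "-perm -MODE" matches
# when all bits in MODE are set, so each bit is tested on its own.
list_exposed() {
    find "$1" \( -type f -o -type d \) \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict an existing tree to its owner, as ssh expects for private keys:
# 700 on directories, 600 on regular files. Symlinks are not followed.
restrict_tree() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Write stdin to $1 so the content is never readable by group or other,
# not even briefly: the temporary file is created owner-only (mktemp plus
# umask 077) in the same directory, then renamed over the target.
write_private() {
    (
        umask 077
        tmp=$(mktemp "$1.XXXXXX") || exit 1
        cat > "$tmp" && mv -f "$tmp" "$1" || { rm -f "$tmp"; exit 1; }
    )
}
```

Running `list_exposed` against the persisted-state directory before and after `restrict_tree` shows whether anything is still accessible to other users; `write_private` is the pattern a writer would use so that new files never start out as 644.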