authorGalen Guyer <galen@galenguyer.com>2022-11-17 15:19:09 -0500
committerGalen Guyer <galen@galenguyer.com>2022-11-17 15:19:09 -0500
commit47b9c18aba5025ecf21ab669c69010552498f407 (patch)
treed7d00beab87e7cc559c584a15066c5980c8b3d67
parent56d131c935422ac9b281c89b03836787535dc60f (diff)
Set file permissions for all files created
-rw-r--r--src/lib/cert.rs7
-rw-r--r--src/lib/path.rs4
-rw-r--r--src/lib/pkey.rs7
-rw-r--r--src/lib/req.rs7
4 files changed, 22 insertions, 3 deletions
diff --git a/src/lib/cert.rs b/src/lib/cert.rs
index 007bfe6..3f6b4c0 100644
--- a/src/lib/cert.rs
+++ b/src/lib/cert.rs
@@ -6,7 +6,8 @@ use openssl::x509::extension::*;
use openssl::x509::*;
use crate::path;
-use std::fs::{read, write};
+use std::fs::{read, write, File};
+use std::os::unix::prelude::PermissionsExt;
pub fn generate_cert(
lifetime_days: u32,
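Review bot: `use std::os::unix::prelude::PermissionsExt;` is imported unconditionally, so this module stops compiling for non-Unix targets; if those are meant to be supported, the import and the permission calls that use it need a `#[cfg(unix)]` gate. The same trait is added to path.rs, pkey.rs and req.rs through `std::os::unix::fs::PermissionsExt`; using that one path in all four files would keep the imports consistent.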
@@ -96,6 +97,10 @@ pub fn generate_cert(
pub fn save_cert(path: &str, cert: &X509) {
path::ensure_dir(path);
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
write(path, cert.to_pem().unwrap()).unwrap();
}
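Review bot: In save_cert the file is created by `File::create(path)` with umask-default permissions and only afterwards narrowed to 0o600 by path, so for a short window another local process can open it and keep a descriptor that still reads what `write` stores later. The same sequence is added in save_pkey (src/lib/pkey.rs), where it is meant to protect the private key, and in save_req (src/lib/req.rs). Opening once with `OpenOptions` and `.mode(0o600)` from `std::os::unix::fs::OpenOptionsExt`, then writing through that handle, closes the window and drops the second open; it needs `OpenOptions`, `Permissions` and `std::io::Write` in scope. A file that already existed with wider permissions and is already open elsewhere is not covered by this; writing to a temporary file in the same directory and renaming it would be needed for that case.

```rust
pub fn save_cert(path: &str, cert: &X509) {
    path::ensure_dir(path);
    // Create with 0600 from the start so the file never exists with umask-default permissions.
    let mut file = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600)
        .open(path)
        .unwrap();
    // mode() only applies when the file is newly created; tighten a pre-existing file via the handle.
    file.set_permissions(Permissions::from_mode(0o600)).unwrap();
    file.write_all(&cert.to_pem().unwrap()).unwrap();
}
```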
diff --git a/src/lib/path.rs b/src/lib/path.rs
index d77fd59..c14581e 100644
--- a/src/lib/path.rs
+++ b/src/lib/path.rs
@@ -2,6 +2,7 @@ use crate::KeyType;
use path_absolutize::*;
use shellexpand;
use std::fs::create_dir_all;
+use std::os::unix::fs::PermissionsExt;
use std::path::Path;
pub fn ca_pkey(base_dir: &str, key_type: KeyType) -> String {
@@ -74,4 +75,7 @@ pub fn ensure_dir(path: &str) {
};
create_dir_all(dir).unwrap();
+ let mut permissions = std::fs::metadata(dir).unwrap().permissions();
+ permissions.set_mode(0o700);
+ std::fs::set_permissions(dir, permissions).unwrap();
}
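Review bot: The added `set_permissions(dir, permissions)` runs on every call, so a directory that already existed is changed to 0o700 as well. `dir` is computed above the hunk, but if it is the parent of the output path, saving into an existing or shared directory would change that directory's mode as a side effect. Applying the mode only to directories this call creates avoids that, and also covers intermediate directories, which `create_dir_all` leaves at the umask default: `std::fs::DirBuilder::new().recursive(true).mode(0o700).create(dir).unwrap();` with `std::os::unix::fs::DirBuilderExt` in scope. ensure_dir starts outside the hunk.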
diff --git a/src/lib/pkey.rs b/src/lib/pkey.rs
index 41bb3e9..9f1ab28 100644
--- a/src/lib/pkey.rs
+++ b/src/lib/pkey.rs
@@ -5,7 +5,8 @@ use openssl::nid::Nid;
use openssl::pkey::{PKey, Private};
use openssl::rsa::Rsa;
use openssl::symm::Cipher;
-use std::fs::{read, write};
+use std::fs::{read, write, File};
+use std::os::unix::fs::PermissionsExt;
pub fn generate_pkey(key_type: KeyType) -> PKey<Private> {
match key_type {
@@ -31,6 +32,10 @@ pub fn save_pkey(path: &str, key: &PKey<Private>, password: Option<String>) {
}
None => key.private_key_to_pem_pkcs8().unwrap(),
};
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
write(path, pem_encoded).unwrap();
}
diff --git a/src/lib/req.rs b/src/lib/req.rs
index 3e6a311..f97955c 100644
--- a/src/lib/req.rs
+++ b/src/lib/req.rs
@@ -5,8 +5,9 @@ use openssl::stack::Stack;
use openssl::x509::extension::SubjectAlternativeName;
use openssl::x509::{X509Name, X509Req};
-use std::fs::{read, write};
+use std::fs::{read, write, File};
use std::net::IpAddr;
+use std::os::unix::fs::PermissionsExt;
use std::str::FromStr;
use crate::path;
@@ -102,6 +103,10 @@ pub fn generate_req(
pub fn save_req(path: &str, req: &X509Req) {
println!("{}", path);
path::ensure_dir(path);
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
write(path, req.to_pem().unwrap()).unwrap();
}