tls: make sure certificates can't be read by other users #19

Open
mrl5 wants to merge 1 commit into pingooio:main from mrl5:tls-dir-permissions
mrl5 commented Jan 1, 2026

Issue

Currently the /etc/pingoo/tls folder has drwxr-xr-x (755) permissions. This is where certificates are stored, and they are created with -rw-r--r-- (644) mode.

Solution

This change introduces an additional security layer which makes sure that certificates can't be read by other Linux users, by setting 750 directory mode (drwxr-x---) for the /etc/pingoo/tls dir.

mrl5 force-pushed the tls-dir-permissions branch from bb9ff1c to d3f0a3c on January 1, 2026 18:15
mrl5 commented Jan 1, 2026

hmm, this PR might introduce some regression that was fixed in e2d9875

this change introduces an additional security layer which makes sure that
certificates can't be read by other Linux users by using 750 directory
mode
mrl5 force-pushed the tls-dir-permissions branch from d3f0a3c to a78345e on January 1, 2026 21:10
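
Why a 750 directory protects files that stay 644: a user outside the owner and group needs search (x) permission on every directory in the path before a file's own read bit matters. The audit below is an added example, not code from this PR or from the pingoo code base; the function names, temp-dir layout and file name are constructed. It checks classic mode bits only (no ACLs) and assumes directories above the audited one are traversable.

```python
import os
import stat
import tempfile
from pathlib import Path


def exposed_to_others(tls_dir):
    """Return regular files under tls_dir that a user who is neither the
    owner nor a group member could open for reading (mode bits only)."""
    top = Path(tls_dir)
    # reachable[d]: 'other' has search (x) on d and on every directory
    # between tls_dir and d. Ancestors of tls_dir are assumed traversable.
    reachable = {top: bool(top.stat().st_mode & stat.S_IXOTH)}
    exposed = []
    for current, dirnames, filenames in os.walk(top):
        cur = Path(current)
        for name in dirnames:
            mode = (cur / name).lstat().st_mode
            reachable[cur / name] = reachable[cur] and bool(mode & stat.S_IXOTH)
        for name in filenames:
            mode = (cur / name).lstat().st_mode
            # A file is exposed only if its directory chain is traversable
            # AND the file itself carries the other-read bit.
            if stat.S_ISREG(mode) and reachable[cur] and mode & stat.S_IROTH:
                exposed.append(str(cur / name))
    return sorted(exposed)


def demo():
    """Constructed layout mirroring the PR: 755 dir with a 644 file, then 750."""
    with tempfile.TemporaryDirectory() as tmp:
        tls = Path(tmp) / "tls"          # stand-in for /etc/pingoo/tls
        tls.mkdir()
        key = tls / "example.key"        # constructed file name
        key.write_text("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)             # file mode described in the PR
        os.chmod(tls, 0o755)             # directory mode before the change
        before = [Path(p).name for p in exposed_to_others(tls)]
        os.chmod(tls, 0o750)             # directory mode after the change
        after = exposed_to_others(tls)
        return before, after, stat.S_IMODE(key.stat().st_mode)


if __name__ == "__main__":
    print(demo())
```

With 750 the file is still 644, so members of the directory's group can read it and the protection depends on the directory mode staying in place.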