cephadm: change agent file permissions to 600

author Adam King <adking@redhat.com>

Thu, 6 Jan 2022 12:24:52 +0000 (07:24 -0500)

committer Adam King <adking@redhat.com>

Fri, 28 Jan 2022 16:23:51 +0000 (11:23 -0500)
author Adam King <adking@redhat.com>
Thu, 6 Jan 2022 12:24:52 +0000 (07:24 -0500)
committer Adam King <adking@redhat.com>
Fri, 28 Jan 2022 16:23:51 +0000 (11:23 -0500)
diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm

index 5fd99fd4d706cd239ca98b276c98f11eb76d0721..175348ca2a40b2834b1128e4b9d35d7acd766498 100755 (executable)
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -3781,14 +3781,14 @@ class CephadmAgent():
          # Create the required config files in the daemons dir, with restricted permissions
          for filename in config:
              if filename in self.required_files:
-                with open(os.path.join(self.daemon_dir, filename), 'w') as f:
+                with open(os.open(os.path.join(self.daemon_dir, filename), os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f:
                      f.write(config[filename])
  
-        with open(os.path.join(self.daemon_dir, 'unit.run'), 'w') as f:
+        with open(os.open(os.path.join(self.daemon_dir, 'unit.run'), os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f:
              f.write(self.unit_run())
  
          unit_file_path = os.path.join(self.ctx.unit_dir, self.unit_name())
-        with open(unit_file_path + '.new', 'w') as f:
+        with open(os.open(unit_file_path + '.new', os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f:
              f.write(self.unit_file())
              os.rename(unit_file_path + '.new', unit_file_path)
author	Adam King <adking@redhat.com>
	Thu, 6 Jan 2022 12:24:52 +0000 (07:24 -0500)
committer	Adam King <adking@redhat.com>
	Fri, 28 Jan 2022 16:23:51 +0000 (11:23 -0500)