Merge pull request #134 from flokli/keyfile-mode

Set mode when creating key file
threefoldtech · Feb 27, 2024 · 9feff08 · 9feff08
2 parents 80bf154 + f140167
commit 9feff08
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/src/main.rs b/src/main.rs
@@ -309,8 +309,23 @@ async fn load_key_file(path: &Path) -> Result<crypto::SecretKey, io::Error> {
 }
 
 async fn save_key_file(key: &crypto::SecretKey, path: &Path) -> io::Result<()> {
-    let mut file = File::create(path).await?;
-    file.write_all(key.as_bytes()).await?;
+    #[cfg(target_family = "unix")]
+    {
+        use tokio::fs::OpenOptions;
+
+        let mut file = OpenOptions::new()
+            .create(true)
+            .write(true)
+            .mode(0o600) // rw by the owner, not readable by group or others
+            .open(path)
+            .await?;
+        file.write_all(key.as_bytes()).await?;
+    }
+    #[cfg(not(target_family = "unix"))]
+    {
+        let mut file = File::create(path).await?;
+        file.write_all(key.as_bytes()).await?;
+    }
 
     Ok(())
 }