[ovs-dev] [ovs-pki fixes 3/3] ovs-pki: Create private keys with restricted permissions.

Ben Pfaff blp at nicira.com
Fri Aug 6 13:34:23 PDT 2010


On Fri, Aug 06, 2010 at 01:22:12PM -0700, Ben Pfaff wrote:
> On Fri, Aug 06, 2010 at 12:59:45PM -0700, Justin Pettit wrote:
> > On Aug 6, 2010, at 10:24 AM, Ben Pfaff wrote:
> > 
> > > +        (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
> > > +            || exit $?
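Review bot: `$bits` is unquoted in the `openssl genrsa` call on the first added line, while `"$1-privkey.pem"` next to it is quoted. Quote it as `"$bits"` so an empty or malformed value makes the command fail visibly instead of silently dropping the argument. A one-line comment saying that the subshell exists to confine `umask 077` to key generation would also help the next reader.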
> > 
> > Would it make sense to make them also not executable?
> 
> Not quite sure what to make of that remark.  When you create a file with
> a umask of 077, the kernel takes the specified permissions and then acts
> as if "chmod go-rwx" was applied to the file, atomically.
> 
> What umask do you suggest?

By the way, for now I've pushed this, but I'll happily follow up with a
change later if necessary.

Thanks,

Ben.
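
The umask behaviour discussed in this thread, as an added example that is not part of the original message or of ovs-pki. It uses plain shell redirection and mkdir in place of `openssl genrsa`, and every file name in it is constructed.

```shell
#!/bin/sh
# Added example, not part of ovs-pki. All file names are constructed.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# New file: the shell requests 0666, umask 077 clears the group/other bits.
new_file_mode() {
    d=$(mktemp -d) || return 1
    (umask 077 && : > "$d/demo-privkey.pem") || return 1
    mode_of "$d/demo-privkey.pem"
    rm -rf "$d"
}

# New directory: mkdir requests 0777, so the owner's x bit survives.
# umask only removes bits from what the creating program asked for.
new_dir_mode() {
    d=$(mktemp -d) || return 1
    (umask 077 && mkdir "$d/demo-dir") || return 1
    mode_of "$d/demo-dir"
    rm -rf "$d"
}

# Existing file: created 0644 first, then rewritten under umask 077.
# The mode is unchanged, because umask applies only at creation time.
existing_file_mode() {
    d=$(mktemp -d) || return 1
    (umask 022 && : > "$d/demo-privkey.pem") || return 1
    (umask 077 && : > "$d/demo-privkey.pem") || return 1
    mode_of "$d/demo-privkey.pem"
    rm -rf "$d"
}

# The subshell keeps the restrictive umask from leaking to later commands.
umask_after_subshell() {
    (umask 022; (umask 077 && :); umask)
}

echo "new file:             $(new_file_mode)"
echo "new directory:        $(new_dir_mode)"
echo "pre-existing file:    $(existing_file_mode)"
echo "umask after subshell: $(umask_after_subshell)"
```

The pre-existing-file case is the one to check when auditing key directories: a file that was already there with looser permissions keeps them when it is truncated and rewritten, whatever the umask is.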



