[ovs-dev] [ovs-pki fixes 3/3] ovs-pki: Create private keys with restricted permissions.
blp at nicira.com
Fri Aug 6 13:34:23 PDT 2010
On Fri, Aug 06, 2010 at 01:22:12PM -0700, Ben Pfaff wrote:
> On Fri, Aug 06, 2010 at 12:59:45PM -0700, Justin Pettit wrote:
> > On Aug 6, 2010, at 10:24 AM, Ben Pfaff wrote:
> > > + (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
> > > + || exit $?
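Review bot: umask 077 on the genrsa line only takes effect when "$1-privkey.pem" is newly created, so if that path already exists with a wider mode, the key is written into a file that keeps its old permissions. Nothing in this hunk checks for or removes an existing file; consider refusing to overwrite, or removing the file before the subshell runs. Separately, $bits is expanded unquoted while "$1-privkey.pem" is quoted; writing it as "$bits" would keep the two consistent.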
> > Would it make sense to make them also not executable?
> Not quite sure what to make of that remark. When you create a file with
> a umask of 077, the kernel takes the specified permissions and then acts
> as if "chmod go-rwx" was applied to the file, atomically.
> What umask do you suggest?
By the way, for now I've pushed this, but I'll happily follow up with a
change later if necessary.
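
The umask behaviour discussed in this thread, as an added example that is not part of the original messages or of ovs-pki: it creates a file under `umask 077` in a subshell and reports the resulting modes, including the case where the target already exists. The function names and file names are hypothetical, and `printf` stands in for the key generator so the script runs without openssl.

```shell
#!/bin/sh
# Added example: how umask 077 shapes the mode of a newly created key file.
# The printf calls are stand-ins for a real key generator (constructed data).

# Print a path's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create "$1" under umask 077 in a subshell, so the caller's umask is untouched.
# The shell opens the redirect target with mode 0666; the kernel clears the
# umask bits at creation time: 0666 & ~077 = 0600. There is no chmod window.
create_private() {
    (umask 077 && printf 'constructed placeholder key\n' > "$1")
}

# Same, but refuse to reuse an existing file: umask only applies when the
# file is created, so an existing file would keep whatever mode it had.
create_private_strict() {
    (umask 077 && set -C && printf 'constructed placeholder key\n' > "$1") 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    before=$(umask)

    create_private "$dir/new-privkey.pem"
    new_mode=$(file_mode "$dir/new-privkey.pem")

    # Pre-existing file with a loose mode, then overwritten under umask 077.
    (umask 022 && : > "$dir/old-privkey.pem")
    create_private "$dir/old-privkey.pem"
    old_mode=$(file_mode "$dir/old-privkey.pem")

    # Strict variant fails instead of writing into the 0644 file.
    if create_private_strict "$dir/old-privkey.pem"; then strict=reused; else strict=refused; fi

    # Directories are requested with 0777, so the same umask gives 0700.
    (umask 077 && mkdir "$dir/private")
    dir_mode=$(file_mode "$dir/private")

    after=$(umask)
    [ "$before" = "$after" ] && scope=unchanged || scope=changed
    rm -rf "$dir"
    echo "$new_mode $old_mode $strict $dir_mode $scope"
}

demo
```

The fields printed are the mode of the new file, the mode of the overwritten pre-existing file, the outcome of the strict variant, the mode of the new directory, and whether the caller's umask changed.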