From d37313bef4cbfdcb40380b481d71bc9b10936539 Mon Sep 17 00:00:00 2001 From: max furman Date: Mon, 15 Nov 2021 10:20:10 -0800 Subject: [PATCH] Use 0600 for profile defaults file. --- pki/pki.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pki/pki.go b/pki/pki.go index 0c9d91e8..effc1f22 100644 --- a/pki/pki.go +++ b/pki/pki.go @@ -959,9 +959,12 @@ func (p *PKI) Save(opt ...ConfigOption) error { if err = fileutil.WriteFile(p.defaults, b, 0644); err != nil { return errs.FileError(err, p.defaults) } + // If we're using contexts then write a blank object to the defualt profile + // configuration location. if p.profileDefaults != "" { if _, err := os.Stat(p.profileDefaults); os.IsNotExist(err) { - if err = fileutil.WriteFile(p.profileDefaults, []byte("{}"), 0644); err != nil { + // Write with 0600 to be consistent with directories structure. + if err = fileutil.WriteFile(p.profileDefaults, []byte("{}"), 0600); err != nil { return errs.FileError(err, p.profileDefaults) } } else if err != nil {