
change umask to 0077 to initialize secrets file with minimal permissions

Fabian Peter Hammerle 1 day ago
parent
commit
a2bd8b0df9
2 changed files with 2 additions and 0 deletions
  1. CHANGELOG.md (+1 -0)
  2. Dockerfile (+1 -0)

+ 1 - 0
CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - expose tcp port 10003 instead of 10001 & 10002
   (postsrsd v2 uses "socketmap:" instead of "tcp:" tables)
+- umask `0077` to initialize secrets file with minimal permissions
 
 ### Removed
 - environment variables `SRS_DOMAIN` & `SRS_SECRET`
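
Review bot: The new entry under `### Changed` does not say that the umask only matters at the moment the secrets file is created, so someone upgrading with an existing file may assume its permissions were tightened. Suggest wording along the lines of "set umask `0077` before generating the secrets file, so a newly created file is accessible only by its owner", plus a hint to check the mode of a file created by an earlier image.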

+ 1 - 0
Dockerfile

@@ -25,6 +25,7 @@ USER postsrsd
 ENV POSTSRSD_SECRET_PATH=${POSTSRSD_SECRET_PATH}
 EXPOSE 10003/tcp
 CMD set -x; \
+    umask 0077; \
     if [ ! -s "$POSTSRSD_SECRET_PATH" ]; then \
       tr -dc '1-9a-zA-Z' < /dev/random | head -c 32 > "$POSTSRSD_SECRET_PATH"; \
     fi \
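
Review bot: The added `umask 0077` only shapes the mode when the `[ ! -s "$POSTSRSD_SECRET_PATH" ]` branch creates the file; a secrets file that already exists keeps whatever mode it had, and that includes an existing empty file, because the `>` redirect truncates it without changing its permissions. Consider an explicit `chmod 600 "$POSTSRSD_SECRET_PATH"` after the `fi` so existing deployments are tightened as well. The umask also stays in effect for everything that runs later in this `CMD`, which deserves a short comment if that is intended.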