New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netrc file generated by `fh login` is world-readable #140

Open

antoineco opened this issue Sep 14, 2024 · 0 comments

antoineco commented Sep 14, 2024 •

edited

Loading

fh 0.1.16

As indicated in the title, the netrc file created by fh login is readable by everyone by default:

$ fh login
Log in to FlakeHub: https://flakehub.com/token/create?description=FlakeHub+CLI+on+myhost
And then follow the prompts below:

\> Paste your token here: ********
Logged in: true
GitHub user name: antoineco
Token expires at: 2024-12-13 12:16:00 +00:00

$ ls -l /nix/var/determinate/
total 12
srw-rw-rw- 1 root root    0 Sep 14 12:27 determinate-nixd.socket
-rw-r--r-- 1 root root  149 Sep 14 12:37 identity.json
prwx------ 1 root root    0 Sep 14 12:27 intake.pipe
-rw-r--r-- 1 root root 3463 Sep 14 12:37 netrc
-r-xr--r-- 1 root root  341 Sep 14 12:27 post-build-hook.sh

$ id
uid=1000(acotten) gid=100(users) groups=100(users),1(wheel)

$ cat /nix/var/determinate/netrc
machine flakehub.com login flakehub password ...
machine api.flakehub.com login flakehub password ...
machine cache.flakehub.com login flakehub password ...

Note that if the file is created manually with the permissions -rw-r-----, fh resets those permissions.

The Nix daemon was installed and configured by https://flakehub.com/flake/DeterminateSystems/determinate.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment