backup-auth creates files with insecure permission #194

znz · 2020-06-13T09:54:26Z

dokku postgres:backup-auth creates world-readable files.
I think AWS_SECRET_ACCESS_KEY should not be world-readable at least.

vagrant@dokku:~$ dokku postgres:backup-auth lolipop MINIO_ACCESS_KEY_ID MINIO_SECRET_ACCESS_KEY us-east-1 s3v4 https://YOURMINIOSERVICE
vagrant@dokku:~$ ls -al /var/lib/dokku/services/postgres/lolipop/backup/
total 28
drwxr-xr-x 2 dokku dokku 4096 Jun 13 09:49 .
drwxr-xr-x 4 dokku dokku 4096 Jun 13 09:49 ..
-rw-r--r-- 1 dokku dokku   20 Jun 13 09:49 AWS_ACCESS_KEY_ID
-rw-r--r-- 1 dokku dokku   10 Jun 13 09:49 AWS_DEFAULT_REGION
-rw-r--r-- 1 dokku dokku   24 Jun 13 09:49 AWS_SECRET_ACCESS_KEY
-rw-r--r-- 1 dokku dokku    5 Jun 13 09:49 AWS_SIGNATURE_VERSION
-rw-r--r-- 1 dokku dokku   25 Jun 13 09:49 ENDPOINT_URL

The text was updated successfully, but these errors were encountered:

josegonzalez · 2020-07-02T17:28:42Z

What should be the correct permissions on these files?

Schlepptop · 2020-07-20T12:54:43Z

This should be resolved by dokku/dokku-postgres#206

tribela · 2022-03-18T18:49:57Z

This should be resolved by dokku/dokku-postgres#206

At least 640. o-rw

josegonzalez added type: bug type: service labels Dec 27, 2022

josegonzalez transferred this issue from dokku/dokku-postgres Dec 27, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

backup-auth creates files with insecure permission #194

backup-auth creates files with insecure permission #194

znz commented Jun 13, 2020

josegonzalez commented Jul 2, 2020

Schlepptop commented Jul 20, 2020

tribela commented Mar 18, 2022

backup-auth creates files with insecure permission #194

backup-auth creates files with insecure permission #194

Comments

znz commented Jun 13, 2020

josegonzalez commented Jul 2, 2020

Schlepptop commented Jul 20, 2020

tribela commented Mar 18, 2022