Use umask 0077 across the process in order to have the created files …

…readable only by the acme-dns user (joohoi#102)
jacobmyers-codeninja · Aug 12, 2018 · 5899757 · 5899757
1 parent 897010b
commit 5899757
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -7,6 +7,7 @@ import (
 	stdlog "log"
 	"net/http"
 	"os"
+	"syscall"
 
 	"github.com/julienschmidt/httprouter"
 	"github.com/rs/cors"
@@ -15,6 +16,8 @@ import (
 )
 
 func main() {
+	// Created files are not world writable
+	syscall.Umask(0077)
 	// Read global config
 	var err error
 	if fileIsAccessible("/etc/acme-dns/config.cfg") {