author | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-09-17 16:05:35 +0530 |
---|---|---|
committer | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-10-09 12:18:04 +0530 |
commit | aacdcfc3165f4498e9541fd32f766343db630f3e (patch) | |
tree | 010068ace0a341683723773205d08c33013f0604 /lib/chef | |
parent | 68dfb74ac66ff8c4e78fda7d2d2d8dc1b9e5158b (diff) | |
download | chef-aacdcfc3165f4498e9541fd32f766343db630f3e.tar.gz |
Using umask to avoid race conditions
Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
Diffstat (limited to 'lib/chef')
-rw-r--r-- | lib/chef/knife/bootstrap/templates/chef-full.erb | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/chef/knife/bootstrap/templates/chef-full.erb b/lib/chef/knife/bootstrap/templates/chef-full.erb
index cfcdf11a28..b0476c8d57 100644
--- a/lib/chef/knife/bootstrap/templates/chef-full.erb
+++ b/lib/chef/knife/bootstrap/templates/chef-full.erb
@@ -188,24 +188,24 @@ fi
 mkdir -p <%= Chef::Dist::CONF_DIR %>
 <% if client_pem -%>
-cat > <%= Chef::Dist::CONF_DIR %>/client.pem <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/client.pem <<'EOP'
 <%= ::File.read(::File.expand_path(client_pem)) %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/client.pem
+)) || exit 1
 <% end -%>
 <% if validation_key -%>
-cat > <%= Chef::Dist::CONF_DIR %>/validation.pem <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/validation.pem <<'EOP'
 <%= validation_key %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/validation.pem
+)) || exit 1
 <% end -%>
 <% if encrypted_data_bag_secret -%>
-cat > <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret <<'EOP'
 <%= encrypted_data_bag_secret %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret
+)) || exit 1
 <% end -%>
 <% unless trusted_certs.empty? -%> |
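Review bot: Removing `chmod 0600` leaves a pre-existing key file at whatever mode it already had, because `umask 077` only takes effect when `cat >` creates the file; an existing `client.pem` is truncated and rewritten in place with its old permission bits. On a re-bootstrap of a node whose file was left group- or world-readable, the new secret stays readable. Keep the umask to close the creation window and restore the chmod as part of the same guarded command, for example `)) && chmod 0600 <%= Chef::Dist::CONF_DIR %>/client.pem || exit 1`. The same applies to the `validation.pem` and `encrypted_data_bag_secret` blocks later in this hunk. As a style point, the inner parentheses around `cat` add a second subshell that the outer one already provides.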