island: Add `umask 377` to create_certificate.sh

By setting the umask to 377 in create_certificate.sh, we ensure that the
TLS key file that is created is readable only by the user that created
it, and not world readable (as is the default on some linux distros).
This commit is contained in:
Mike Salvatore 2021-05-11 19:22:43 -04:00
parent 2af2fd4a55
commit 2d422f157e
1 changed files with 2 additions and 0 deletions

View File

@ -17,6 +17,8 @@ if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the co
CREATED_RND_FILE=true CREATED_RND_FILE=true
fi fi
umask 377
echo "Generating key in $server_root/server.key..." echo "Generating key in $server_root/server.key..."
openssl genrsa -out "$server_root"/server.key 2048 openssl genrsa -out "$server_root"/server.key 2048
echo "Generating csr in $server_root/server.csr..." echo "Generating csr in $server_root/server.csr..."