#8127 Fix how we write the .google_authenticator file

v1.6.0
closed
security (30)
General
nobody
2016-09-15
2016-09-09
No

The google authenticator PAM module will write the .google_authenticator files with permission 400 (-r--------) and then Allura can't write to it. We also need to write it with 400 or 600 perms, so it is secure for PAM to use it afterwards. And best to do it atomically, with a file rename operation.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2016-09-09

    db/8127

     
  • Kenton Taylor

    Kenton Taylor - 2016-09-15

    Looks good, clear to merge.

     
  • Dave Brondsema

    Dave Brondsema - 2016-09-15
    • status: review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2016-12-14
    • Milestone: unreleased --> v1.6.0
     

Log in to post a comment.