The google authenticator PAM module will write the
.google_authenticator files with permission
400 (-r--------) and then Allura can't write to it. We also need to write it with
600 perms, so it is secure for PAM to use it afterwards. And best to do it atomically, with a file rename operation.
Log in to post a comment.