Autogenerated config should have tighter permissions

Question

Autogenerated config should have tighter permissions

gjabell opened this issue 3 years ago · 3 comments

Thanks for the project, just started using it and it's working great so far!

I noticed that when the configuration file is autogenerated it has default (in my case 644) permissions, which are readable by everyone. Since this file will likely contain authentication secrets, it would be great if it were created with 600 permissions so it's only readable by the user that runs rescrobbled.

Answer 1 · 2021-09-20T12:05:19.000Z

Great suggestion - shouldn't be too hard to implement, I will add this in the next release

Thanks!

Answer 2 · 2021-09-29T22:06:59.000Z

I just realized this should also be the case for the session token, so I will fix the permissions for that as well.

Answer 3 · 2021-12-24T13:56:55.000Z

This has been added on the development branch and will be released with v0.5.0!