subspacecommunity/subspace

Data dir permission is too wide

ssiuhk opened this issue · 0 comments

Describe the bug
The data dir default permission is too wide; it allows anyone on the system to read confidential information such as the private key.

To Reproduce
Steps to reproduce the behavior:

  1. Launch subspace container with mapped local directory ./data:/data
  2. [root@localhost subspace]#tree -pufi data
    data
    [-rw-r--r-- root ] data/config.json
    [drwxr-xr-x root ] data/wireguard
    [drwxr-xr-x root ] data/wireguard/clients
    [-rw-r--r-- root ] data/wireguard/clients/null.conf
    [drwxr-xr-x root ] data/wireguard/peers
    [-rw-r--r-- root ] data/wireguard/peers/null.conf
    [-rw-r--r-- root ] data/wireguard/server.conf
    [-rw-r--r-- root ] data/wireguard/server.private
    [-rw-r--r-- root ] data/wireguard/server.public

    3 directories, 6 files

Expected behavior
Configuration files (which may contain confidential information) and private keys should be readable by the owner only. Moreover, the directory permissions can be tightened as well.

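An operator-side check for the condition reported above, as an added example that is not part of the original issue or the Subspace project's code: it lists every entry in the mapped data directory that group or other can access, then restricts directories to 0700 and files to 0600. The function names and the temporary sample tree are assumptions made for the example; the file layout mirrors the listing in the issue.

```shell
#!/bin/sh
# Added example: audit and tighten a Subspace-style data directory.

# Print every file or directory under $1 that grants any permission bit
# to group or other (the condition shown in the tree listing above).
audit_data_dir() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict directories to 0700 and files to 0600 (owner only).
harden_data_dir() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed sample: empty files laid out like the listing in the issue,
# with the same wide modes (0755 directories, 0644 files). No real keys.
make_sample_tree() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/data/wireguard/clients" "$_root/data/wireguard/peers"
    for f in config.json wireguard/server.conf wireguard/server.private \
             wireguard/server.public wireguard/clients/null.conf \
             wireguard/peers/null.conf; do
        : > "$_root/data/$f"
    done
    find "$_root/data" -type d -exec chmod 755 {} +
    find "$_root/data" -type f -exec chmod 644 {} +
    printf '%s\n' "$_root/data"
}

# Demo: report, fix, report again, then clean up the temporary tree.
demo_dir=$(make_sample_tree)
echo "before: $(audit_data_dir "$demo_dir" | wc -l) entries open to group/other"
harden_data_dir "$demo_dir"
echo "after:  $(audit_data_dir "$demo_dir" | wc -l) entries open to group/other"
rm -rf "${demo_dir%/data}"
```

Files written into the directory later get whatever mode they are created with, so rerun `audit_data_dir` after the configuration changes.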