[ovs-dev] [ovs-pki fixes 3/3] ovs-pki: Create private keys with restricted permissions.

Ben Pfaff blp at nicira.com
Fri Aug 6 20:22:12 UTC 2010


On Fri, Aug 06, 2010 at 12:59:45PM -0700, Justin Pettit wrote:
> On Aug 6, 2010, at 10:24 AM, Ben Pfaff wrote:
> 
> > +        (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
> > +            || exit $?
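
Review bot: the umask 077 in the subshell only restricts the mode when "$1-privkey.pem" is created; if a file of that name can already exist at this point with looser permissions, opening it for writing keeps the old mode and the new key inherits it. Consider removing any existing file before the genrsa call, or applying chmod go-rwx to it afterwards. Separately, $bits is expanded unquoted while "$1-privkey.pem" is quoted; quoting it as "$bits" would be consistent.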
> 
> Would it make sense to make them also not executable?

Not quite sure what to make of that remark.  When you create a file with
a umask of 077, the kernel takes the specified permissions and then acts
as if "chmod go-rwx" was applied to the file, atomically.

What umask do you suggest?
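
The umask behaviour discussed in the reply above, as an added shell example that is not part of the original message or of ovs-pki. All file names are constructed and live in a temporary directory; the permission strings are read with ls so the script does not depend on a particular stat implementation.

```shell
#!/bin/sh
# Added example, not from the ovs-pki patch. All paths are constructed
# inside a throwaway directory made by mktemp.

# Print the ls-style permission string of a path, e.g. -rw-------
perms() { ls -ld "$1" | cut -c1-10; }

# New file under umask 077: redirection requests 0666, kernel clears go bits.
new_file_perms() (
    dir=$(mktemp -d) || exit 1
    (umask 077 && : > "$dir/new-privkey.pem")
    out=$(perms "$dir/new-privkey.pem")
    rm -rf "$dir"
    printf '%s\n' "$out"
)

# New directory under umask 077: mkdir requests 0777, so the owner keeps x.
new_dir_perms() (
    dir=$(mktemp -d) || exit 1
    (umask 077 && mkdir "$dir/keys")
    out=$(perms "$dir/keys")
    rm -rf "$dir"
    printf '%s\n' "$out"
)

# Existing file created under umask 022, then rewritten under umask 077:
# umask applies only at creation, so the old mode survives the rewrite.
existing_file_perms() (
    dir=$(mktemp -d) || exit 1
    (umask 022 && : > "$dir/old-privkey.pem")
    (umask 077 && : > "$dir/old-privkey.pem")
    out=$(perms "$dir/old-privkey.pem")
    rm -rf "$dir"
    printf '%s\n' "$out"
)

echo "new file:      $(new_file_perms)"
echo "new directory: $(new_dir_perms)"
echo "existing file: $(existing_file_perms)"
```

The umask only clears bits from the mode the creating program requests; it never adds or removes anything on a file that already exists.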



