[ovs-dev] [ovs-pki fixes 3/3] ovs-pki: Create private keys with restricted permissions.
blp at nicira.com
Fri Aug 6 20:22:12 UTC 2010
On Fri, Aug 06, 2010 at 12:59:45PM -0700, Justin Pettit wrote:
> On Aug 6, 2010, at 10:24 AM, Ben Pfaff wrote:
> > + (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
> > + || exit $?
> Would it make sense to make them also not executable?
Not quite sure what to make of that remark. When you create a file with
a umask of 077, the kernel takes the specified permissions and then acts
as if "chmod go-rwx" was applied to the file, atomically.
What umask do you suggest?
More information about the dev