diff mbox

[03/13] libnsdb: Update mode bits for NSDB cert files

Message ID 20130108172732.65133.51865.stgit@seurat.1015granger.net
State Accepted
Headers show

Commit Message

Chuck Lever Jan. 8, 2013, 5:27 p.m. UTC 
Cert files are never updated after they are created, so remove owner
write permission.  As a clean-up, use a macro to define and label
the certificate file mode bits.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 src/libnsdb/nsdb.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
diff mbox

Patch

diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c
index 7ef39d3..e5fb09a 100644
--- a/src/libnsdb/nsdb.c
+++ b/src/libnsdb/nsdb.c
@@ -69,6 +69,11 @@ 
  */
 #define NSDB_NCE_ENV		"FEDFS_NSDB_NCE"
 
+/**
+ * Permission mode to use when creating certfiles
+ */
+#define FEDFS_CERTFILE_MODE	(S_IRUSR|S_IRGRP|S_IROTH)
+
 
 /**
  * Stores pathname of directory containing FedFS persistent state
@@ -571,7 +576,7 @@  nsdb_new_certfile(const char *certdata, const unsigned int certlen,
 	}
 
 	fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL,
-						S_IRUSR | S_IWUSR | S_IRGRP);
+						FEDFS_CERTFILE_MODE);
 	if (fd == -1) {
 		xlog(D_GENERAL, "%s: Failed to open %s: %m",
 			__func__, pathbuf);