util: create ceph.conf with 0600 permissions

The generated ceph.conf does not need readable by the group, there is
only one (system) user consuming the configurations file.

This addresses the following gosec warning:

    [/go/src/github.com/ceph/ceph-csi/internal/util/cephconf.go:52] - G306 (CWE-): Expect WriteFile permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
      > ioutil.WriteFile(CephConfigPath, cephConfig, 0640)

Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos 2020-06-30 11:34:01 +02:00 committed by mergify[bot]
parent 16c4e33b09
commit 30dc83c3bb

View File

@ -49,7 +49,7 @@ func WriteCephConfig() error {
return err
}
err := ioutil.WriteFile(CephConfigPath, cephConfig, 0640)
err := ioutil.WriteFile(CephConfigPath, cephConfig, 0600)
if err != nil {
return err
}