Tighten permissions on confluent config files

Prior to copying them, make sure only root can interact. The directory should protect them as well, but best to not have anything controversial.
2025-09-29 13:38:13 +00:00 · 2020-05-19 10:51:32 -04:00
parent 5f63875cae
commit 66f0e8225e
1 changed files with 1 additions and 0 deletions
--- a/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh
+++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh
@@ -40,6 +40,7 @@ cp /tmp/allnodes /mnt/etc/ssh/shosts.equiv
 # carry over deployment configuration and api key for OS install action
 mkdir -p /mnt/etc/confluent
 chmod 700 /mnt/etc/confluent
+chmod 600 /tmp/confluent.*
 cp /tmp/confluent.* /mnt/etc/confluent/
 cp -a /tls /mnt/etc/confluent/
 cp -a /tls/* /mnt/var/lib/ca-certificates/openssl