init set config.py perms to 0600, otherwise warn user if config.py is not

Since config.py contains passwords in it, it should be protected as much as
possible.  At the very least, the file permissions should be 0600 to
restrict access to user that actually edits and runs 'fdroid' commands.

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 5f72f8350be0043268c0b482c69e9a3b06d10ae4..1f86a69d84c99b2e334dd0ee382875019cdf49b5 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -19,6 +19,7 @@
 
 import glob, os, sys, re
 import shutil
+import stat
 import subprocess
 import time
 import operator
@@ -43,6 +44,9 @@ def read_config(opts, config_file='config.py'):
     if not os.path.isfile(config_file):
         print "Missing config file - is this a repo directory?"
         sys.exit(2)
+    st = os.stat(config_file)
+    if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
+        print("WARNING: unsafe permissions on config.py (should be 0600)!")
 
     options = opts
     if not hasattr(options, 'verbose'):

diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 82e533ed554ca32514af1fa6c37c6791ca59eaf2..091255517670bcf8678af6bb07360d60cba0c031 100644 (file)
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -109,6 +109,7 @@ def main():
         os.mkdir('repo')
         shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), repodir)
         shutil.copyfile(os.path.join(examplesdir, 'config.sample.py'), 'config.py')
+        os.chmod('config.py', 0o0600)
     else:
         print('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
         sys.exit()