Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-09-28 21:53:55 +02:00
Allow custom umask setting (#4896)
To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom `UMASK` variable. This allows people to set a more secure default like only allowing the owner the the process/container to read/write files and folders. Examples: - `UMASK=022` File: 644 | Folder: 755 (Default of the containers) This means Owner read/write and group/world read-only - `UMASK=027` File: 640 | Folder: 750 This means Owner read/write, group read-only, world no access - `UMASK=077` File: 600 | Folder: 700 This measn Owner read/write and group/world no access resolves #4571 Signed-off-by: BlackDex <black.dex@gmail.com>
Dieser Commit ist enthalten in:
Mathijs van Veluw
GitHub
Ursprung
2b824e8096
Commit
92f1530e96
1 geänderte Dateien mit 4 neuen und 0 gelöschten Zeilen
|
|
@ -1,5 +1,9 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ -n "${UMASK}" ]; then
|
||||||
|
umask "${UMASK}"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -r /etc/vaultwarden.sh ]; then
|
if [ -r /etc/vaultwarden.sh ]; then
|
||||||
. /etc/vaultwarden.sh
|
. /etc/vaultwarden.sh
|
||||||
elif [ -r /etc/bitwarden_rs.sh ]; then
|
elif [ -r /etc/bitwarden_rs.sh ]; then
|
||||||
|
|
|
||||||
Laden …
In neuem Issue referenzieren