The secret key that encrypts the backups should not be world readable.

[hjjg]

umask at the creation of the key plus migration.py-function to fix permission in existing installations.

[JoshData]

Hello & thanks!

Could you re-do this with the umask technique we use here:

https://github.com/mail-in-a-box/mailinabox/blob/master/setup/dns.sh#L43

This is more secure by ensuring the file is created initially with the correct permissions, rather than opening a small window when it has incorrect permissions.

The fix for existing installations should really go in the migrate script so that we don't clutter the setup script.

[hjjg]

How about that? ;)

[JoshData]

Fantastic. Did you test both parts? (Hoping to avoid testing myself before merging.)

[hjjg]

I did not test the complete scripts but the individual lines of code. Both worked fine (i.e. possible namespace issues, syntax..)

[hjjg]

I think you should also notify users that there secret key could be compromised.

[JoshData]

The threat model for this project assumes that only trusted users have local access, so absent some other problem there's no real problem.

[JoshData]

The management part doesn't work. If you run setup.sh on your own box again you'll see it sets incorrect/crazy permissions.

[hjjg]

The bug was at the migrate.py script. It works now. It's a different behaviour in Python 3 that caused this. Most of my scripts are in Python 2 :)

[JoshData]

Thanks!