pki: make certificates only readable to group and others

even though we copy these to hosts it's not a good idea to allow them to be overwritten by a random user
oVirt · Jul 26, 2022 · 75b3573 · 75b3573
1 parent f298860
commit 75b3573
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packaging/bin/pki-enroll-request.sh b/packaging/bin/pki-enroll-request.sh
@@ -37,7 +37,7 @@ sign() {
 		-utf8 \
 		${EXTRA_COMMAND} \
 		|| die "Cannot sign certificate"
-	chmod a+r "${cert}" || die "Cannot set certificate permissions"
+	chmod a+r,go-wx "${cert}" || die "Cannot set certificate permissions"
 
 	return 0
 }