Skip to content
This repository was archived by the owner on Feb 20, 2020. It is now read-only.
This repository was archived by the owner on Feb 20, 2020. It is now read-only.

Read-only signingKeyLocation file #131

Description

@SimonSapin

On a macOS worker, in an attempt to reduce unneeded permissions given to tasks, I tried to make as many configuration files as possible owned by root with the user running generic-worker only granted read accoss through a Unix group.

This fails, I assume because generic-worker tries to take ownership of the file configured through signingKeyLocation:

err = os.Chown(
config.SigningKeyLocation,
uid,
gid,
)

2018/11/12 14:12:50  *********** PANIC occurred! *********** 
2018/11/12 14:12:50 chown /etc/generic-worker/key: operation not permitted

Would it be acceptable to not try to take ownership and only check that the file is not world-readable?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions