From da07c36d6bae78fbf2f634eaa95f39de03d96448 Mon Sep 17 00:00:00 2001 From: Jonathan Rascher Date: Sun, 3 Apr 2022 00:34:33 -0500 Subject: [PATCH] (docs) Recommend umask for passphrase file perms The previous sample for creating a ~/.borg-passphrase file creates it first and then chmod's it to 400 permissions. That's probably fine in practice, but means there's a tiny window where the passphrase file is sitting with default permissions (likely world readable, depending on the system umask). It seems safer to first change the umask to remove all group & world bits (0077) _before_ creating the file. To be polite and avoid messing with the user's previous umask, we do this in a subshell. (Note that umask 0077 leads to a mode of 600 rather than the previous 400, because removing the owner write bit doesn't seem to buy much since the owner can just chmod the file anyway.) --- docs/faq.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/faq.rst b/docs/faq.rst index b3c3d7317..bbf81f15b 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -569,8 +569,7 @@ Using ``BORG_PASSCOMMAND`` with a properly permissioned file directory and use permissions to keep anyone else from reading it. For example, first create a key:: - head -c 32 /dev/urandom | base64 -w 0 > ~/.borg-passphrase - chmod 400 ~/.borg-passphrase + (umask 0077; head -c 32 /dev/urandom | base64 -w 0 > ~/.borg-passphrase) Then in an automated script one can put::