[POA-1907] Update permissions of ec2 systemd files (#45)

mudit-postman · web-flow · commit 0c257a3af9de · 2024-11-09T01:11:32.000+05:30
* Added a new step in the file creation process to change the permission
of files to 600, i.e., the file is only readable and writable to owners
* This is to avoid exposure of sensitive data to other users.
* Added the step in `templateUtils.go` instead of making it
EC2-specific.
diff --git a/cmd/internal/ec2/add.go b/cmd/internal/ec2/add.go
@@ -216,7 +216,8 @@ func configureSystemdFiles(projectID string) error {
 		envFiledata.PostmanEnv = env
 	}
 
-	err = util.GenerateAndWriteTemplateFile(envFileFS, envFileTemplateName, envFileBasePath, envFileName, envFiledata)
+	// Generate and write the env file, with permissions 0600 (read/write for owner only)
+	err = util.GenerateAndWriteTemplateFile(envFileFS, envFileTemplateName, envFileBasePath, envFileName, 0600, envFiledata)
 	if err != nil {
 		return err
 	}
@@ -233,7 +234,8 @@ func configureSystemdFiles(projectID string) error {
 		AgentInstallPath: agentInstallPath,
 	}
 
-	err = util.GenerateAndWriteTemplateFile(serviceFileFS, serviceFileTemplateName, serviceFileBasePath, serviceFileName, serviceFileData)
+	// Generate and write the service file, with permissions 0600 (read/write for owner only)
+	err = util.GenerateAndWriteTemplateFile(serviceFileFS, serviceFileTemplateName, serviceFileBasePath, serviceFileName, 0600, serviceFileData)
 	if err != nil {
 		return err
 	}
diff --git a/util/templateUtils.go b/util/templateUtils.go
@@ -14,6 +14,7 @@ func GenerateAndWriteTemplateFile(
 	templateName string,
 	fileDirectory string,
 	fileName string,
+	filePermissions os.FileMode,
 	data interface{},
 ) error {
 	// Parse the template file
@@ -29,16 +30,18 @@ func GenerateAndWriteTemplateFile(
 		return errors.Wrapf(err, "Failed to create %s directory\n", fileDirectory)
 	}
 
-	// Create the file
-	file, err := os.Create(fileDirectory + fileName)
+	// Create the file with the given permissions
+	file, err := os.OpenFile(fileDirectory+fileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, filePermissions)
 	if err != nil {
-		return errors.Wrapf(err, "Failed to create %s file in %s directory\n", fileName, fileDirectory)
+		return errors.Wrapf(err, "Failed to create %s file in %s directory with permissions %d\n", fileName, fileDirectory, filePermissions)
 	}
+	defer file.Close()
 
 	// Write the data to the file
 	err = tmpl.Execute(file, data)
 	if err != nil {
 		return errors.Wrapf(err, "Failed to write values to %s file\n", fileName)
 	}
+
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,8 @@ func configureSystemdFiles(projectID string) error {`
`216`	`216`	`envFiledata.PostmanEnv = env`
`217`	`217`	`}`
`218`	`218`
`219`		`- err = util.GenerateAndWriteTemplateFile(envFileFS, envFileTemplateName, envFileBasePath, envFileName, envFiledata)`
	`219`	`+ // Generate and write the env file, with permissions 0600 (read/write for owner only)`
	`220`	`+ err = util.GenerateAndWriteTemplateFile(envFileFS, envFileTemplateName, envFileBasePath, envFileName, 0600, envFiledata)`
`220`	`221`	`if err != nil {`
`221`	`222`	`return err`
`222`	`223`	`}`
`@@ -233,7 +234,8 @@ func configureSystemdFiles(projectID string) error {`
`233`	`234`	`AgentInstallPath: agentInstallPath,`
`234`	`235`	`}`
`235`	`236`
`236`		`- err = util.GenerateAndWriteTemplateFile(serviceFileFS, serviceFileTemplateName, serviceFileBasePath, serviceFileName, serviceFileData)`
	`237`	`+ // Generate and write the service file, with permissions 0600 (read/write for owner only)`
	`238`	`+ err = util.GenerateAndWriteTemplateFile(serviceFileFS, serviceFileTemplateName, serviceFileBasePath, serviceFileName, 0600, serviceFileData)`
`237`	`239`	`if err != nil {`
`238`	`240`	`return err`
`239`	`241`	`}`