allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <>
Subject [allura:tickets] #8127 Fix how we write the .google_authenticator file
Date Fri, 09 Sep 2016 19:29:40 GMT


** [tickets:#8127] Fix how we write the .google_authenticator file**

**Status:** review
**Milestone:** unreleased
**Labels:** security 
**Created:** Fri Sep 09, 2016 07:29 PM UTC by Dave Brondsema
**Last Updated:** Fri Sep 09, 2016 07:29 PM UTC
**Owner:** Dave Brondsema

The google authenticator PAM module will write the `.google_authenticator` files with permission
`400 (-r--------)` and then Allura can't write to it.  We also need to write it with `400`
or `600` perms, so it is secure for PAM to use it afterwards.  And best to do it atomically,
with a file rename operation.


Sent from because is subscribed to

To unsubscribe from further messages, a project admin can change settings at
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message