Default UNIX permissions on ~/.abra/servers are too open #580

New Issue

Closed

opened 2025-06-26 22:09:03 +00:00 by 3wordchant · 1 comment

3wordchant commented 2025-06-26 22:09:03 +00:00

Owner

Copy Link

Thanks @voltrate for the report.

Default UNIX permissions on ~/.abra/servers are 644, which means other system users can read files there. Given that some recipes store secrets in .env files, this may not be ideal. Changing to 600 seems like it would improve security, for no reduction in usability that I can think of.

Thanks @voltrate for the report. Default UNIX permissions on `~/.abra/servers` are `644`, which means other system users can read files there. Given that some recipes store secrets in `.env` files, this may not be ideal. Changing to `600` seems like it would improve security, for no reduction in usability that I can think of.

👍 2

3wordchant added the

bug

label 2025-06-26 22:09:03 +00:00

decentral1se self-assigned this 2025-07-08 09:58:37 +00:00

decentral1se added this to the Abra v0.11.x project 2025-07-08 10:06:51 +00:00

decentral1se referenced this issue from a commit 2025-08-12 21:03:02 +00:00

fix: ensure $ABRA_DIR/servers is 0600

decentral1se referenced this issue 2025-08-12 21:04:19 +00:00

fix: ensure $ABRA_DIR/servers is 0600 #592

decentral1se moved this to In Progress in Abra v0.11.x on 2025-08-12 21:15:42 +00:00

decentral1se referenced this issue from a commit 2025-08-17 09:17:03 +00:00

fix: ensure $ABRA_DIR/servers is 0600

decentral1se closed this issue 2025-08-17 09:17:06 +00:00

decentral1se moved this to Done in Abra v0.11.x on 2025-08-17 09:18:44 +00:00

decentral1se referenced this issue from a commit 2025-08-17 12:04:25 +00:00

fix: $ABRA_DIR/servers=0700, $ABRA_DIR/servers/foo=0600

decentral1se commented 2025-08-17 12:06:45 +00:00

Owner

Copy Link

Woops, abra needs +x to create subdirs like ~/.abra/servers/foo. I changed it to 0700. We can keep 0600 for subdirs because we only have .env files there afterwards. See #599 for more chaos 🤸 Wow, got that wrong again, even subdirs need 0700 8a3be01c3e

Woops, `abra` needs `+x` to create subdirs like `~/.abra/servers/foo`. I changed it to `0700`. ~~We can keep `0600` for subdirs because we only have `.env` files there afterwards. See https://git.coopcloud.tech/toolshed/abra/pulls/599 for more chaos 🤸~~ Wow, got that wrong again, even subdirs need `0700` https://git.coopcloud.tech/toolshed/abra/commit/8a3be01c3efaaf999a06aca01f31ec14277a0a8a

decentral1se referenced this issue 2025-08-17 12:06:53 +00:00

fix: `$ABRA_dir/servers` stricter permissions (again) #599

decentral1se referenced this issue from a commit 2025-08-17 12:14:13 +00:00

fix: $ABRA_DIR/servers subdirs also 0700

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

0.11.0-beta

0.10.1-beta

0.10.0-beta

0.10.0-rc2-beta

0.10.0-rc1-beta

0.9.0-beta

0.8.1-beta

0.8.0-beta

0.8.0-rc2-beta

0.8.0-rc1-beta

0.7.0-beta

0.7.0-rc3-beta

0.7.0-rc2-beta

0.6.0-beta

0.5.1-beta

0.5.0-alpha

0.4.1-alpha

0.4.0-alpha

0.4.0-alpha-rc8

0.4.0-alpha-rc7

0.4.0-alpha-rc6

0.4.0-alpha-rc5

0.4.0-alpha-rc4

0.4.0-alpha-rc3

0.4.0-alpha-rc2

0.4.0-alpha-rc1

0.3.1-alpha-rc2

0.3.1-alpha-rc1

0.3.1-rc1

0.3.0-alpha

0.2.2-alpha

0.2.1-alpha

0.2.0-alpha

0.1.8-alpha

0.1.7-alpha

0.1.6-alpha

0.1.5-alpha

0.1.4-alpha

0.1.3-alpha

0.1.2-alpha

0.1.1-alpha

0.1.0-alpha

10.0.5

10.0.3

10.0.2

10.0.1

10.0.0

9.0.0

8.0.1

8.0.0

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

checkout

0.6.0

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

0.2.0

0.1.2

0.1.1

0.1.0

Labels

Clear labels

bug

Something is not working

build

go build related issues

ci/cd

Building things with CI/CD

critical fix

https://docs.coopcloud.tech/federation/resolutions/passed/010/

design

UI/UX

documentation

Documenting all the things

duplicate

This issue or pull request already exists

easy-first-issue

Something for new people to get stuck into. We hope it's easy!

enhancement

New feature

help wanted

Need some help

i10n

Everything to do with localisation

i18n

Everything to do with internationalisation

invalid

Something is wrong

question

More information is needed

release

Release management

release-candidate

Related to the new release candidate

security

Security related

test

Unit/integration testing

wontfix

This won't be fixed

No Label

bug

Milestone

No items

No Milestone

Projects

Clear projects

No project Abra v0.11.x

Assignees

Clear assignees

3wordchant aadil abra-bot ammaratef45 Apfelwurm carla cas coopcloud cyrnel decentral1se fauno iexos jmakdah2 kawaiipunk knoflook kolaente lambdabundesverband moritz p4u1 renovate-bot ripclap simon sixsmith trav val yksflip

No Assignees decentral1se

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: toolshed/abra#580

No description provided.