Set read-only permissions on authorized_keys file (#13)

antoinedeschenes · web-flow · commit 5d41e8623de3 · 2020-05-02T13:40:45.000+03:00
Prevents users from modifying keys via SFTP.
diff --git a/src/ES.SFTP.Host/Orchestrator.cs b/src/ES.SFTP.Host/Orchestrator.cs
@@ -416,7 +416,7 @@ await ProcessUtil.QuickRun("chown",
                 authKeysBuilder.AppendLine(await File.ReadAllTextAsync(file));
             await File.WriteAllTextAsync(sshAuthKeysPath, authKeysBuilder.ToString());
             await ProcessUtil.QuickRun("chown", $"{user.Username} {sshAuthKeysPath}");
-            await ProcessUtil.QuickRun("chmod", $"600 {sshAuthKeysPath}");
+            await ProcessUtil.QuickRun("chmod", $"400 {sshAuthKeysPath}");
         }
 
         

Original file line number	Diff line number	Diff line change
`@@ -416,7 +416,7 @@ await ProcessUtil.QuickRun("chown",`
`416`	`416`	`authKeysBuilder.AppendLine(await File.ReadAllTextAsync(file));`
`417`	`417`	`await File.WriteAllTextAsync(sshAuthKeysPath, authKeysBuilder.ToString());`
`418`	`418`	`await ProcessUtil.QuickRun("chown", $"{user.Username} {sshAuthKeysPath}");`
`419`		`- await ProcessUtil.QuickRun("chmod", $"600 {sshAuthKeysPath}");`
	`419`	`+ await ProcessUtil.QuickRun("chmod", $"400 {sshAuthKeysPath}");`
`420`	`420`	`}`
`421`	`421`
`422`	`422`