
Jason R. Coombs committed c50eac6

File System backends now create files without group and world permissions. Fixes #67.


Files changed (2)

 * Removed CryptedFileKeyring migration support. To maintain an existing
   CryptedFileKeyring, one must first upgrade to 0.9.2 or later and access the
   keyring before upgrading to 1.0 to retain the existing keyring.
+* File System backends now create files without group and world permissions.
+  Fixes #67.
 
 ------
 0.10.1

keyring/backend.py

 
         # load the keyring from the disk
         config = configparser.RawConfigParser()
-        if os.path.exists(self.file_path):
-            config.read(self.file_path)
+        config.read(self.file_path)
 
         # update the keyring with the password
         if not config.has_section(service):
             config_file.close()
 
     def _ensure_file_path(self):
-        """ensure the storage path exists"""
+        """
+        Ensure the storage path exists.
+        If it doesn't, create it with "go-rwx" permissions.
+        """
         storage_root = os.path.dirname(self.file_path)
         if storage_root and not os.path.isdir(storage_root):
             os.makedirs(storage_root)
+        if not os.path.isfile(self.file_path):
+            # create the file without group/world permissions
+            with open(self.file_path, 'w'):
+                pass
+            user_read_write = 0600
+            os.chmod(self.file_path, user_read_write)
 
 
 class UncryptedFileKeyring(BasicFileKeyring):
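Review bot: In `_ensure_file_path` the new file is created by `open(self.file_path, 'w')` with whatever mode the umask allows and is only restricted afterwards by `os.chmod`, so on POSIX it can be group/world-readable for a short window, and a descriptor opened in that window stays usable after the chmod. Creating it with its final mode in one step closes the gap: `fd = os.open(self.file_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `os.close(fd)`; `O_EXCL` also refuses a file or symlink that appeared at the path after the `isfile` check. The `isfile` guard also means a keyring file written by an earlier release keeps its old mode, and `os.makedirs(storage_root)` still uses the default directory mode. An `os.chmod` applied to an already existing file and an explicit `0700` for the directory would cover both.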