From 30dc83c3bbaefb1f78c3c56ea81016729c3154bf Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Tue, 30 Jun 2020 11:34:01 +0200
Subject: [PATCH] util: create ceph.conf with 0600 permissions

The generated ceph.conf does not need readable by the group, there is
only one (system) user consuming the configurations file.

This addresses the following gosec warning:

    [/go/src/github.com/ceph/ceph-csi/internal/util/cephconf.go:52] - G306 (CWE-): Expect WriteFile permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
      > ioutil.WriteFile(CephConfigPath, cephConfig, 0640)

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 internal/util/cephconf.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/util/cephconf.go b/internal/util/cephconf.go
index 42cbaf727..3276269e1 100644
--- a/internal/util/cephconf.go
+++ b/internal/util/cephconf.go
@@ -49,7 +49,7 @@ func WriteCephConfig() error {
 		return err
 	}
 
-	err := ioutil.WriteFile(CephConfigPath, cephConfig, 0640)
+	err := ioutil.WriteFile(CephConfigPath, cephConfig, 0600)
 	if err != nil {
 		return err
 	}