Update file permissions (#2499)

## Issue Addressed Resolves #2438 Resolves #2437 ## Proposed Changes Changes the permissions for validator client http server api token file and secret key to 600 from 644. Also changes the permission for logfiles generated using the `--logfile` cli option to 600. Logs the path to the api token instead of the actual api token. Updates docs to reflect the change.
2026-05-07 08:52:54 +00:00 · 2021-09-03 02:41:10 +00:00
parent 50321c6671
commit 6f18f95893
7 changed files with 38 additions and 17 deletions
--- a/lighthouse/environment/Cargo.toml
+++ b/lighthouse/environment/Cargo.toml
@@ -19,6 +19,7 @@ futures = "0.3.7"
 parking_lot = "0.11.0"
 slog-json = "2.3.0"
 exit-future = "0.2.0"
+filesystem = {"path" = "../../common/filesystem"}

 [target.'cfg(not(target_family = "unix"))'.dependencies]
 ctrlc = { version = "3.1.6", features = ["termination"] }
--- a/lighthouse/environment/src/lib.rs
+++ b/lighthouse/environment/src/lib.rs
@@ -9,6 +9,7 @@

 use eth2_config::Eth2Config;
 use eth2_network_config::Eth2NetworkConfig;
+use filesystem::restrict_file_permissions;
 use futures::channel::mpsc::{channel, Receiver, Sender};
 use futures::{future, StreamExt};

@@ -169,6 +170,9 @@ impl<E: EthSpec> EnvironmentBuilder<E> {
            .open(&path)
            .map_err(|e| format!("Unable to open logfile: {:?}", e))?;

+        restrict_file_permissions(&path)
+            .map_err(|e| format!("Unable to set file permissions for {:?}: {:?}", path, e))?;
+
        // Setting up the initial logger format and building it.
        let drain = if let Some(format) = log_format {
            match format.to_uppercase().as_str() {