-rw-r--r--phosphor-ldap-config/ldap_configuration.cpp17
1 files changed, 17 insertions, 0 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index c84927d..4bbcbed 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -69,6 +69,8 @@ void Config::delete_()
void Config::writeConfig()
{
std::stringstream confData;
+ auto isPwdTobeWritten = false;
+
confData << "uid root\n";
confData << "gid root\n\n";
confData << "ldap_version 3\n\n";
@@ -82,6 +84,7 @@ void Config::writeConfig()
if (!lDAPBINDDNpassword().empty())
{
confData << "bindpw " << lDAPBINDDNpassword() << "\n";
+ isPwdTobeWritten = true;
}
confData << "\n";
switch (lDAPSearchScope())
@@ -137,6 +140,20 @@ void Config::writeConfig()
try
{
std::fstream stream(configFilePath.c_str(), std::fstream::out);
+ // remove the read permission from others if password is being written.
+ // nslcd forces this behaviour.
+ auto permission = fs::perms::owner_read | fs::perms::owner_write |
+ fs::perms::group_read;
+ if (isPwdTobeWritten)
+ {
+ fs::permissions(configFilePath, permission);
+ }
+ else
+ {
+ fs::permissions(configFilePath,
+ permission | fs::perms::others_read);
+ }
+
stream << confData.str();
stream.flush();
stream.close();
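Review bot: The restrictive mode is applied by path only after `std::fstream stream(...)` has already opened `configFilePath`, so a file that does not yet exist is created with the process's default mode, and any reader that opened a previously world-readable file before the `fs::permissions` call keeps its descriptor while `bindpw` is written. Creating the file with its final mode from the start would close that window, for example by writing to a temporary file created owner-only in the same directory and renaming it over `configFilePath`. The mask also keeps `fs::perms::group_read` in the password case; unless a non-root group really needs the file, `auto permission = fs::perms::owner_read | fs::perms::owner_write;` is the tighter base, with `group_read` added only in the `else` branch. `fs::permissions` throws on failure after the file has already been truncated, and the `catch` for this `try` lies outside the hunk, so it is worth confirming that path is handled and logged.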