Do not allow any user to read the generated SSL key/crt

We need to maintain the feature of being able to run the container as any user ID, so we cannot just leave the user to have read permissions for the generated key and certificate. However, there seems to be no use case for having the permissions for reading for other users. While being a different user inside a container might be not relevant anyway in the container case, let's rather be super cautious and remove the read permissions that are not needed.
sclorg · Dec 15, 2023 · ba887da · ba887da
1 parent 9276296
commit ba887da
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/2.4/root/usr/share/container-scripts/httpd/common.sh b/2.4/root/usr/share/container-scripts/httpd/common.sh
@@ -57,8 +57,8 @@ root@${fqdn}
 EOF
    fi
 
-   chmod 644 ${sslcert}
-   chmod 644 ${sslkey}
+   chmod 640 ${sslcert}
+   chmod 640 ${sslkey}
 }
 
 config_general() {