sqitch.conf file permission mask

[fluca1978]

Using sqitch 1.4.1 from CPAN.
I noted that sqitch.conf has default read permission for everyone:

% sqitch --version
sqitch (App::Sqitch) v1.4.1

 % ls -l sqitch.conf
-rw-rw-r-- 1 luca luca 222 nov 19 09:41 sqitch.conf

Apparently the application is working even if permissions are set for only the user, thus:

% chmod 600 sqitch.conf

Shouldn't this be default permission mask since sqitch.conf could possibly contain connection passwords?

[theory]

Never thought about it. It defaults to whatever the current directory's umask is.

[theory]

Looks like Config::GitLike, which creates the file, does not have any support for custom permissions:

    sysopen(my $fh, "${filename}.lock", O_CREAT|O_EXCL|O_WRONLY)
        or die "Can't open ${filename}.lock for writing: $!\n";

Looks like it would require another attribute on the object, similar to encoding, to specify permissions to pass as the fourth argument to sysopen, something like:

sysopen(my $fh, "${filename}.lock", O_CREAT|O_EXCL|O_WRONLY, $self->permissions || 0666)

If they added such an option I'd be happy to use it in Sqitch.