Search before asking
- I have searched the issues and found no similar issues.
Operating System
- macOS
- Windows
- Linux
Operating System Version
Ubuntu 24.04.03
Does it happen in the web browser too?
No, it just happens on the Desktop app
Rocket.Chat Desktop App Version
4.9.2
Rocket.Chat Server Version
7.10.4
Describe the bug
The Rocket.Chat Electron client creates configuration files in ~/.config/Rocket.Chat/ with overly permissive file permissions. The files are created with mode 0666 (rw-rw-rw-), which means they are world-writable. This is unexpected and can be considered a security issue, as other local users can modify these configuration files.
How to Reproduce
Install app and check file permissions.
$ ls -lh ~/.config/Rocket.Chat/config.json ~/.config/Rocket.Chat/supportedVersions.json
-rw-rw-rw- 1 USER GROUP 22K Nov 27 09:24 ~/.config/Rocket.Chat/config.json
-rw-rw-rw- 1 USER GROUP 13K Nov 27 07:53 ~/.config/Rocket.Chat/supportedVersions.json
Describe your Expected behavior
Configuration files should have more restrictive permissions, typically 0600 or 0640, depending on whether group access is required.
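
Added example, not part of the original report and not Rocket.Chat code: a POSIX shell sketch that lists files under the config directory with the group- or other-write bit set and can reset them to one of the two modes named above. The function names and the `audit`/`fix` command-line interface are hypothetical.

```shell
#!/bin/sh
# Added example: find config files that group or other can write to, and
# optionally reset them to one of the modes named in the report.
# Function names are hypothetical; the default path is the one in the report.

# Print regular files under directory $1 with the group- or other-write bit set.
list_loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}

# Print how many such files exist under directory $1.
count_loose_files() {
    list_loose_files "$1" | wc -l | tr -d ' '
}

# Set every loose file under $1 to mode $2 (600 or 640 only).
tighten_files() {
    case "$2" in
        600|640) ;;
        *) echo "mode must be 600 or 640" >&2; return 2 ;;
    esac
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod "$2" {} +
}

# Usage: script.sh audit|fix [DIR] [MODE]
main() {
    action=$1
    dir=${2:-"$HOME/.config/Rocket.Chat"}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    case "$action" in
        audit) list_loose_files "$dir" ;;
        fix)   tighten_files "$dir" "${3:-600}" && list_loose_files "$dir" ;;
        *)     echo "usage: $0 audit|fix [DIR] [MODE]" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then main "$@"; fi
```

This is a local mitigation only: it changes the modes of files that already exist and does not change how the application creates them.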