Change the access permission of cipher_pass file from 644 to 640 (-rw-r-----)

nmoray · nmoray · commit b3babbdf0016 · 2024-02-01T01:25:38.000-08:00
diff --git a/src/sonic-py-common/sonic_py_common/security_cipher.py b/src/sonic-py-common/sonic_py_common/security_cipher.py
@@ -37,6 +37,7 @@ def __init__(self):
                 with open(self._file_path, 'w') as file:
                     file.writelines("#Auto generated file for storing the encryption passwords\n")
                     file.writelines("TACPLUS : \nRADIUS : \nLDAP :\n")
+                    os.chmod(self._file_path, 0o640)
             self._initialized = True
 
     # Write cipher_pass file
@@ -52,8 +53,10 @@ def __write_passwd_file(self, feature_type, passwd):
                     # Update the password for given feature
                     lines[self._feature_list.index(feature_type)] = feature_type + ' : ' + passwd + '\n'
 
+                    os.chmod(self._file_path, 0o777)
                     with open(self._file_path, 'w') as file:
                         file.writelines(lines)
+                    os.chmod(self._file_path, 0o640)
             except FileNotFoundError:
                 syslog.syslog(syslog.LOG_ERR, "__write_passwd_file: File {} no found".format(self._file_path))
             except PermissionError:
@@ -69,12 +72,13 @@ def __read_passwd_file(self, feature_type):
 
         if feature_type in self._feature_list:
            try:
+               os.chmod(self._file_path, 0o644)
                with open(self._file_path, "r") as file:
                    lines = file.readlines()
                    for line in lines:
                        if feature_type in line:
                            passwd = line.split(' : ')[1]
-
+               os.chmod(self._file_path, 0o640)
            except FileNotFoundError:
                 syslog.syslog(syslog.LOG_ERR, "__read_passwd_file: File {} no found".format(self._file_path))
            except PermissionError:
