From bc9ca47e3e8b3fd81129431ac4be438b4b859ba9 Mon Sep 17 00:00:00 2001
From: Matteo Settenvini <matteo.settenvini@montecristosoftware.eu>
Date: Sat, 2 Jul 2022 19:45:24 +0200
Subject: [PATCH] Restrict permissions to credentials file on creation

---
 src/config/credentials.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/config/credentials.rs b/src/config/credentials.rs
index 8673c2c..53c15a3 100644
--- a/src/config/credentials.rs
+++ b/src/config/credentials.rs
@@ -112,6 +112,14 @@ impl Credentials {
     }
 
     fn write_back(&self) -> Result<()> {
+        #[cfg(unix)]
+        use std::os::unix::fs::PermissionsExt;
+
+        if !self.config_file.exists() {
+            let f = std::fs::File::create(&self.config_file)?;
+            #[cfg(unix)]
+            f.metadata()?.permissions().set_mode(0o600);
+        }
         std::fs::write(&self.config_file, toml::to_string(self)?)?;
         Ok(())
     }