Allow only root user to access certificates This change is to cater allowing only root user to read/write certificates. Users with ReadOnly and Callback privilege will not be allowed to access the certificate folder At present setting 700 permission for the certificate folder. Tested: 1) Verified ldap certificate at /etc/nslcd/certs is not accessible to read only users. 2) Verified https certificate at /etc/ssl/certs/https is not accessible to read only users 3) verfied authority certificate at /etc/ssl/certs/ is not accessible to read only users. Change-Id: I20acb1bf449f64282c6b692bd7063dcdedbd311d Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>

commit: 667286e4f7dc31a9ab786307092919901adccbb5 [log] [tgz]
author: Marri Devender Rao <devenrao@in.ibm.com> Tue Oct 29 03:22:46 2019 -0500
committer: Jayanth Othayoth <ojayanth@in.ibm.com> Mon Nov 11 07:16:23 2019 +0000
tree: 15c694a9848e4fc000905b011610ca6904cec83a
parent: a3bb38fb26716fadbe65ac234776e5e86409a121 [diff]
diff --git a/certs_manager.cpp b/certs_manager.cpp
index a134044..6469f2a 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp

@@ -40,6 +40,10 @@
         {
             fs::create_directories(certParentInstallPath);
         }
+        auto permission = fs::perms::owner_read | fs::perms::owner_write |
+                          fs::perms::owner_exec;
+        fs::permissions(certParentInstallPath, permission,
+                        fs::perm_options::replace);
     }
     catch (fs::filesystem_error& e)
     {
commit	667286e4f7dc31a9ab786307092919901adccbb5	[log] [tgz]
author	Marri Devender Rao <devenrao@in.ibm.com>	Tue Oct 29 03:22:46 2019 -0500
committer	Jayanth Othayoth <ojayanth@in.ibm.com>	Mon Nov 11 07:16:23 2019 +0000
tree	15c694a9848e4fc000905b011610ca6904cec83a
parent	a3bb38fb26716fadbe65ac234776e5e86409a121 [diff]