[Fix]: Restrict password file permissions to 600 pam-ipmi is already updated restrict file permission of /etc/key_file & /etc/ipmi_pass to 600 during creation. But this won't affect when firmware is updated with nv section preserved or without user credentials getting changed. This commit will check the file permission on every boot and update both the files to 600. Tested: 1. Verified that RMCP+ connection still works after this change 2. Manually set file permission to 777 and restrating ipmid or BMC will fix the same. Change-Id: Icfe8af5af918792412fb42e8114fcf859848e1a8 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

commit: 6ba8d31525130dbb5ef5b60336993ef7b50a8f51 [log] [tgz]
author: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Fri Apr 10 23:52:50 2020 +0530
committer: Vernon Mauery <vernon.mauery@linux.intel.com> Wed Apr 15 19:58:09 2020 +0000
tree: 1b70707cf02aa67fa96b9c27354c0b53d6ff2b5a
parent: b265455a2518ece7c004b43c144199ec980fc620 [diff] [blame]
diff --git a/user_channel/passwd_mgr.hpp b/user_channel/passwd_mgr.hpp
index a444522..ed76efa 100644
--- a/user_channel/passwd_mgr.hpp
+++ b/user_channel/passwd_mgr.hpp

@@ -63,6 +63,11 @@
     using Password = std::string;
     std::unordered_map<UserName, Password> passwdMapList;
     std::time_t fileLastUpdatedTime;
+
+    /** @brief restrict file permission
+     *
+     */
+    void restrictFilesPermission(void);
     /** @brief check timestamp and reload password map if required
      *
      */
commit	6ba8d31525130dbb5ef5b60336993ef7b50a8f51	[log] [tgz]
author	Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>	Fri Apr 10 23:52:50 2020 +0530
committer	Vernon Mauery <vernon.mauery@linux.intel.com>	Wed Apr 15 19:58:09 2020 +0000
tree	1b70707cf02aa67fa96b9c27354c0b53d6ff2b5a
parent	b265455a2518ece7c004b43c144199ec980fc620 [diff] [blame]