[Fix]: Restrict password file permissions to 600
pam-ipmi is already updated restrict file permission of /etc/key_file
& /etc/ipmi_pass to 600 during creation. But this won't affect when firmware
is updated with nv section preserved or without user credentials getting
changed. This commit will check the file permission on every boot and update
both the files to 600.
Tested:
1. Verified that RMCP+ connection still works after this change
2. Manually set file permission to 777 and restrating ipmid or BMC
will fix the same.
Change-Id: Icfe8af5af918792412fb42e8114fcf859848e1a8
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/user_channel/passwd_mgr.hpp b/user_channel/passwd_mgr.hpp
index a444522..ed76efa 100644
--- a/user_channel/passwd_mgr.hpp
+++ b/user_channel/passwd_mgr.hpp
@@ -63,6 +63,11 @@
using Password = std::string;
std::unordered_map<UserName, Password> passwdMapList;
std::time_t fileLastUpdatedTime;
+
+ /** @brief restrict file permission
+ *
+ */
+ void restrictFilesPermission(void);
/** @brief check timestamp and reload password map if required
*
*/