From 67446f716b012b6a0ee0a1b9a297ffd6b8bae46b Mon Sep 17 00:00:00 2001
From: "lambroslambrou@chromium.org"
 <lambroslambrou@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Sat, 20 Oct 2012 02:00:17 +0000
Subject: Apply correct permissions to config when enabling Chromoting host on
 Mac

BUG=152811


Review URL: https://chromiumcodereview.appspot.com/11183082

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@163127 0039d316-1c4b-4281-b951-d872f2087c98
---
 .../mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh    | 5 +++++
 remoting/host/installer/mac/Scripts/remoting_postflight.sh        | 8 --------
 2 files changed, 5 insertions(+), 8 deletions(-)

(limited to 'remoting/host')

diff --git a/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh b/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
index 3337b2e..62577d4 100755
--- a/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
+++ b/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
@@ -81,7 +81,12 @@ if [[ "$1" = "--disable" ]]; then
   rm -f "$ENABLED_FILE"
 elif [[ "$1" = "--enable" ]]; then
   echo $$
+  # Ensure the config file is private whilst being written.
+  rm -f "$CONFIG_FILE"
+  umask 0077
   cat > "$CONFIG_FILE"
+  # Ensure the config is readable by the user registering the host.
+  chmod +a "$USER:allow:read" "$CONFIG_FILE"
   touch "$ENABLED_FILE"
 elif [[ "$1" = "--save-config" ]]; then
   echo $$
diff --git a/remoting/host/installer/mac/Scripts/remoting_postflight.sh b/remoting/host/installer/mac/Scripts/remoting_postflight.sh
index af89c33..6016fca 100755
--- a/remoting/host/installer/mac/Scripts/remoting_postflight.sh
+++ b/remoting/host/installer/mac/Scripts/remoting_postflight.sh
@@ -28,14 +28,6 @@ function onexit {
 
 logger Running Chrome Remote Desktop postflight script @@VERSION@@
 
-# Create auth file (with correct owner and permissions) if it doesn't already
-# exist.
-if [[ ! -f "$CONFIG_FILE" ]]; then
-  touch "$CONFIG_FILE"
-  chmod 600 "$CONFIG_FILE"
-  chmod +a "$USER:allow:read" "$CONFIG_FILE"
-fi
-
 # If there is a backup _enabled file, re-enable the service.
 if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
   mv "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
-- 
cgit v1.1