From 37c949e83ba871d4e4df2d4a0536782c55f950b7 Mon Sep 17 00:00:00 2001 From: Tonnerre LOMBARD Date: Sun, 27 Oct 2013 02:32:14 +0200 Subject: [PATCH] Currently, octoprint gives write access to all files in its data directory to everybody. This was probably considered appropriate for the case of octoprint running on a single-user device, but given that Unix has groups support, it is not necessary, and can be very harmful. --- src/octoprint/daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/octoprint/daemon.py b/src/octoprint/daemon.py index 958d6777..280d8e7f 100644 --- a/src/octoprint/daemon.py +++ b/src/octoprint/daemon.py @@ -28,7 +28,7 @@ class Daemon: # decouple from parent environment os.chdir('/') os.setsid() - os.umask(0) + os.umask(022) # do second fork try: