From ced84a05a62816d3ee49b3c7a46506642b31581e Mon Sep 17 00:00:00 2001
From: Rohan Sircar
Date: Tue, 11 Aug 2020 15:05:40 +0530
Subject: [PATCH] Updated migration script v3 now sets unix permissions to 600 for the generated password file
---
 .../db/migration/V3__add_default_admin.java | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/main/java/db/migration/V3__add_default_admin.java b/src/main/java/db/migration/V3__add_default_admin.java
index 668d457..d54ac9d 100644
--- a/src/main/java/db/migration/V3__add_default_admin.java
+++ b/src/main/java/db/migration/V3__add_default_admin.java
@@ -2,6 +2,9 @@ package db.migration;
 import java.io.BufferedWriter;
 import java.io.FileWriter;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
 import java.security.SecureRandom;
 import java.sql.PreparedStatement;
@@ -43,10 +46,32 @@ public class V3__add_default_admin extends BaseJavaMigration {
 try (final PreparedStatement ps = context.getConnection()
 .prepareStatement("insert into users (user_id, name, password) values (0,?,?)")) {
 final String generatedPassword = generatePassword(60, ALPHA_CAPS + ALPHA + SPECIAL_CHARS);
- final BufferedWriter bw = new BufferedWriter(new FileWriter("gen-password.txt"));
+ final BufferedWriter bw = new BufferedWriter(
+ new FileWriter("gen-password.txt"));
+
 bw.write(generatedPassword);
 bw.write("\nPlease delete this file");
 bw.close();
+
+ final var perms = Files.getPosixFilePermissions(Paths.get(
+ "gen-password.txt"));
+
+
+ //add owners permission
+ perms.add(PosixFilePermission.OWNER_READ);
+ perms.add(PosixFilePermission.OWNER_WRITE);
+ perms.remove(PosixFilePermission.OWNER_EXECUTE);
+ //add group permissions
+ perms.remove(PosixFilePermission.GROUP_READ);
+ perms.remove(PosixFilePermission.GROUP_WRITE);
+ perms.remove(PosixFilePermission.GROUP_EXECUTE);
+ //add others permissions
+ perms.remove(PosixFilePermission.OTHERS_READ);
+ perms.remove(PosixFilePermission.OTHERS_WRITE);
+ perms.remove(PosixFilePermission.OTHERS_EXECUTE);
+ Files.setPosixFilePermissions(Paths.get("gen-password.txt"), perms);
+
+
 ps.setString(1, "admin");
 ps.setString(2, passwordEncoder.encode(generatedPassword));
 ps.execute();
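Review bot: The password is written and the writer closed before `Files.setPosixFilePermissions` runs, so from `new FileWriter("gen-password.txt")` until the permission change the plaintext admin password sits in a file with whatever mode the process umask allows, and a pre-existing `gen-password.txt` is reused with its current owner. Create the file owner-only before any secret is written, and write through try-with-resources so the writer is closed if a write throws. Both the committed code and the sketch below throw `UnsupportedOperationException` on a file system without POSIX attributes, which would abort the migration, so that case probably needs an explicit fallback. The comments `//add group permissions` and `//add others permissions` sit above `remove` calls and should say "remove". The enclosing method starts and the `try` block ends outside this hunk; the sketch needs imports for `Path`, `PosixFilePermissions` and `StandardCharsets`.

```java
final Path passwordFile = Paths.get("gen-password.txt");
// Created owner-only (rw-------) before any secret is written; unlike
// FileWriter this fails if the file already exists instead of reusing it.
Files.createFile(passwordFile,
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
try (BufferedWriter bw = Files.newBufferedWriter(passwordFile, StandardCharsets.UTF_8)) {
    bw.write(generatedPassword);
    bw.write("\nPlease delete this file");
}
// … unchanged: ps.setString(1, "admin") through ps.execute() …
```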