From 4ba5dc66e5940ba302e1e1d212c5ac9a760bcb9a Mon Sep 17 00:00:00 2001
From: Kiril Kovachev <ktkovachev@gmail.com>
Date: Thu, 8 May 2025 01:29:45 +0100
Subject: [PATCH] fix: Correctly set permissions of generated config file,
 which were previously too loose

---
 src/main.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index 6335e8f..10a40fe 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -44,7 +44,12 @@ enum Action {
 fn setup(args: SetupArgs) -> Result<(), std::io::Error> {
     if let Ok(config_template) = std::fs::read_to_string(CONFIG_TEMPLATE_PATH) {
         let filled_in_config = formatx!(config_template, args.api_url, args.rest_url, args.username, args.botpassword, args.oauth2_token).unwrap();
-        std::fs::write(shellexpand::tilde(BOT_CONFIG_PATH).into_owned(), filled_in_config).unwrap();
+        let path = shellexpand::tilde(BOT_CONFIG_PATH).into_owned();
+        std::fs::write(&path, filled_in_config).unwrap();
+        {
+            use std::os::unix::fs::PermissionsExt;
+            std::fs::set_permissions(path, std::fs::Permissions::from_mode(0o600))?;
+        }
         Ok(())
     } else {
         Err(std::io::Error::new(std::io::ErrorKind::NotFound, format!("Unable to find {}; did you execute the script from the same directory?", CONFIG_TEMPLATE_PATH)))