Ole-Morten Duesund
4cfec0b336
Reinitialised repo to purge credential history. Credential files are now gitignored with .example templates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
19 lines
717 B
Text
Executable file
19 lines
717 B
Text
Executable file
# shellcheck shell=bash
|
|
# Helper to warn if a credential file has loose permissions
|
|
|
|
# require_private <file>
|
|
# Emits a warning to stderr if the file is group- or world-readable.
|
|
require_private() {
|
|
local file="$1"
|
|
[[ -f "$file" ]] || return 0
|
|
local perms
|
|
perms=$(stat -c %a "$file" 2>/dev/null) || {
|
|
echo "bash.d: WARNING: cannot check permissions on $file (stat failed)" >&2
|
|
return 1
|
|
}
|
|
# Check that group and other bits are both zero (e.g., 600, 700)
|
|
# Uses arithmetic on octal value to handle both 3- and 4-digit modes
|
|
if (( (8#$perms) & 8#077 )); then
|
|
echo "bash.d: WARNING: $file is group/world-accessible (mode $perms). Run: chmod 600 $file" >&2
|
|
fi
|
|
}
|