Make installer.log non-readable by non-root users

Doesn't have any sensitive info right now but might in the future. Fixes #142
2025-12-18 21:54:05 +08:00 · 2019-05-19 23:19:21 -07:00
parent f5ecce77a1
commit 8ec3fab3f3
2 changed files with 11 additions and 1 deletions
--- a/integration-tests/test_install.py
+++ b/integration-tests/test_install.py
@@ -117,6 +117,12 @@ def test_admin_writable():
    permissions_test(ADMIN_GROUP, sys.prefix, writable=True, dirs_only=True)


+def test_installer_log_readable():
+    # Test that installer.log is owned by root, and not readable by anyone else
+    file_stat = os.stat('/opt/tljh/installer.log')
+    assert file_stat.st_uid == 0
+    assert file_stat.st_mode == 0o100500
+
@pytest.mark.parametrize("group", [ADMIN_GROUP, USER_GROUP])
 def test_user_env_readable(group):
    # every file in user env should be readable by everyone