fix(store): chmod SQLite DB files to 0600 on open #119

Merged

lerko merged 1 commits from fix/sqlite-umask into main

2026-06-12 13:59:27 +00:00

Author	SHA1	Message	Date
lerko	c3eac80e14	fix(store): chmod SQLite DB files to 0600 on open CI / test (pull_request) Successful in 1m57s Details CI / lint (pull_request) Successful in 1m26s Details CI / vulncheck (pull_request) Successful in 1m2s Details Bare-metal installs created the DB with process umask (often 022), making uptop.db, -wal, and -shm world-readable. These files contain alert credentials and config. Now chmod 0600 after open. Missing WAL/SHM siblings (not yet created) are silently skipped. Docker installs were already mitigated by the non-root UID.	2026-06-12 09:51:11 -04:00

Author

SHA1

Message

Date

lerko

c3eac80e14

fix(store): chmod SQLite DB files to 0600 on open

CI / test (pull_request) Successful in 1m57s

Details

CI / lint (pull_request) Successful in 1m26s

Details

CI / vulncheck (pull_request) Successful in 1m2s

Details

Bare-metal installs created the DB with process umask (often 022),
making uptop.db, -wal, and -shm world-readable. These files contain
alert credentials and config. Now chmod 0600 after open. Missing
WAL/SHM siblings (not yet created) are silently skipped. Docker
installs were already mitigated by the non-root UID.

2026-06-12 09:51:11 -04:00

fix(store): chmod SQLite DB files to 0600 on open #119

1 Commits