From 0d77aaff262c86b0dfdce15232857babcd6d6bf2 Mon Sep 17 00:00:00 2001
From: Jakob Ketterl <jakob.ketterl@gmx.de>
Date: Thu, 18 Feb 2021 20:57:41 +0100
Subject: [PATCH] restrict access to openwebrx users file

---
 debian/openwebrx.postinst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/openwebrx.postinst b/debian/openwebrx.postinst
index ca04fd0..8b98999 100755
--- a/debian/openwebrx.postinst
+++ b/debian/openwebrx.postinst
@@ -19,7 +19,8 @@ case "$1" in
     if [ ! -e "${OWRX_USERS_FILE}" ]; then
       # create an empty users file now to avoid permission problems later
       echo "[]" > "${OWRX_USERS_FILE}"
-      chown "${OWRX_USER}". ${OWRX_USERS_FILE}
+      chown "${OWRX_USER}". "${OWRX_USERS_FILE}"
+      chmod 0600 "${OWRX_USERS_FILE}"
     fi
 
     db_get openwebrx/admin_user_password