filepersist: brush up

[johanot]

Allow being explicit about ownership and perms for public and private keys, and drop the hardcoded chgrp certpull.

It is now possible to set cert_file_perms and key_file_perms respectively. Perms include user, group and mode.

If not set, defaults are:

• user and group: unchanged, i.e. same as creator (faythe)
• mode: cert: 644 (rw-r--r--), private key: 600 (rw-------)

cert_file_perms and key_file_perms will not break existing setups, since if omitted, they will default to unchanged ownership and secure permissions. Private key mode is more restrictive than previously, since it is no longer assumed that the group (certpull) needs read-access.

EDIT: oh, and also, file contents are now not flushed to the files until after permissions and ownership has been changed/set on the files.

Possible improvements of this PR:

We could change flat attributes: _file_perms and _file_name to file.permissions and file.name, e.g.

"cert_file": {
  "name": "fullchain.pem",
  "permissions": {
    "user": "certuser",
    "group": "certgroup",
    "mode": "644"
  }
}

We could also consider allowing rwxrwxrwx string syntax in the config file. Currently, only octal strings are accepted.

Feel free to challenge my choices and defaults.

[johanot]

Friendly nudge @srhb :)

[srhb]

Sorry I missed and/or forgot this.

My only comment is that,

EDIT: oh, and also, file contents are now not flushed to the files until after permissions and ownership has been changed/set on the files.

Since we're not really using this backend I don't really have strong opinions, but since you're using modes now, maybe you do.

The only safe way to do this is to set the mode on the open() call on a new file. iirc any handle obtained between open() and writing to the file will be able to read the contents as if the mode were whatever it was on the initial open(). Do you care about this?