From c72232e8628d6beae53c51fa4cf12f066bbe58ab Mon Sep 17 00:00:00 2001
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Wed, 31 Jan 2018 00:46:59 +0100
Subject: Set restrictive permissions for the SSID.in template, not for the
 real file (to assure that WiFi credentials don't leak to non-root users).

---
 install-itzks-workstation | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/install-itzks-workstation b/install-itzks-workstation
index 535d88a..b231bf2 100644
--- a/install-itzks-workstation
+++ b/install-itzks-workstation
@@ -124,6 +124,9 @@ never-default=false
 method=ignore
 EOT
 
+# Set permissions on generated file
+chmod go-rwx /etc/NetworkManager/system-connections/SSID.in
+
 # Generate uuid and timestamp and overwrite in file
 
 UUID=$(uuidgen -t)
@@ -143,9 +146,6 @@ unset passw
 # move tweaked template to real configuration file
 mv /etc/NetworkManager/system-connections/SSID.in /etc/NetworkManager/system-connections/"$ssid"
 
-# Set permissions on generated file
-chmod go-rwx /etc/NetworkManager/system-connections/"$ssid"
-
 unset ssid
 
 # Write new content for /usr/share/debian-edu-config/tools/wpad-extract. 
-- 
cgit v1.2.3