host ~ # find /etc/matrixcli -ls
49284276 4 drwxr-xr-x 2 root root 4096 Sep 30 15:20 /etc/matrixcli
49284482 4 -rw-r--r-- 1 root root 927 Sep 30 15:20 /etc/matrixcli/config.py
Either /etc/matrixcli/config.py should default to 600, or /etc/matrixcli should default to 700. Currently, it's very likely that a user might put a password into config.py, which is then world-readable for all users on the system.
Note that Python will create a subfolder __pycache__ with a cached version of config.py in it; the cached version will copy the permissions of config.py. So if you want to secure your installation, you need to change the permissions on both:
chmod 600 /etc/matrixcli/config.py
chmod 600 /etc/matrixcli/__pycache__/config.*.pyc
Either
/etc/matrixcli/config.pyshould default to 600, or/etc/matrixclishould default to 700. Currently, it's very likely that a user might put a password intoconfig.py, which is then world-readable for all users on the system.Note that Python will create a subfolder
__pycache__with a cached version ofconfig.pyin it; the cached version will copy the permissions ofconfig.py. So if you want to secure your installation, you need to change the permissions on both: