Hi,
Just noticed that /etc/pritunl.conf
installs with 0644
permissions and since mongodb_uri
is stored there in plain text… that allows any user with shell access take a peek at pritunl’s mongodb
credentials. Concerning!..
(the good news is that pritunl
didn’t mind me setting permissions to 0600
)