From 8aaf334096d5889a4224ae074842d255dcdc723b Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Thu, 7 Jul 2016 18:14:08 +0200
Subject: [PATCH] Do not create world-readable secret file by default

---
 src/pretix/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pretix/settings.py b/src/pretix/settings.py
index 192eac39ef..3d87400e1f 100644
--- a/src/pretix/settings.py
+++ b/src/pretix/settings.py
@@ -35,6 +35,8 @@ else:
         chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
         SECRET_KEY = get_random_string(50, chars)
         with open(SECRET_FILE, 'w') as f:
+            os.chmod(SECRET_FILE, 0o600)
+            os.chown(SECRET_FILE, os.getuid(), os.getgid())
             f.write(SECRET_KEY)
 
 # Adjustable settings