Move out ghost file to platformdata

Since /tmp is world-writable, keeping the ghost file there might cause privilege escalation.

https://forum.cloudron.io/topic/2222/impersonate-user-privilege-escalation
Girish Ramakrishnan
2020-03-12 10:23:11 -07:00
parent 3e66feb514
commit 6ee4b0da27
3 changed files with 6 additions and 3 deletions


@@ -32,7 +32,7 @@ exports = module.exports = {
NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',
GHOST_USER_FILE: '/tmp/cloudron_ghost.json',
GHOST_USER_FILE: '/home/yellowtent/platformdata/cloudron_ghost.json',
DEFAULT_TOKEN_EXPIRATION: 7 * 24 * 60 * 60 * 1000, // 1 week