security(master): 部署脚本新增配置文件与数据库权限收敛 (chmod 600)，防止 Bot Token 与节点网络拓扑泄露 (v3.0.3-part3)

2026-04-11 00:30:58 +00:00
parent 990d60f63a
commit 62deadda1e
1 changed files with 5 additions and 0 deletions
--- a/master/install_master.sh
+++ b/master/install_master.sh
@@ -64,6 +64,11 @@ CREATE TABLE IF NOT EXISTS nodes (
 EOF
 echo "✅ 数据库创建成功: $DB_FILE"

+# ================== [v3.0.3 变更: 敏感文件权限收敛] ==================
+chmod 600 "${MASTER_DIR}/master.conf"
+chmod 600 "$DB_FILE"
+# ====================================================================
+
 # 4. 拉取核心调度代码并运行
 echo -e "\n[4/4] 部署 TG 调度守护进程..."
 # [修改] 剥离了写死的网址，改用顶部的 ${REPO_RAW_URL} 变量，确保与卸载脚本的数据源同源