I've the script which loads the SSH key from the variable (as part of script in CI environment) in order to not keep the private file in the public repository, however ssh-add complains about the wrong permissions (and it seems it's not possible to bypass it). So my approach is to find the method of changing the permission of anonymous pipe which is created on the fly.
For example:
$ stat <(:)
File: ‘/dev/fd/63’
Size: 0 Blocks: 0 IO Block: 512 fifo
Device: 397f3928h/964639016d Inode: 818277067 Links: 0
Access: (0660/prw-rw----) Uid: ( 501/ kenorb) Gid: ( 20/ staff)
Access: 2015-10-10 22:33:30.498640000 +0100
Modify: 2015-10-10 22:33:30.498640000 +0100
Change: 2015-10-10 22:33:30.498640000 +0100
Birth: 2015-10-10 22:33:30.498640000 +0100
shows 0660 permission. I've checked my umask and it seems it has nothing to do with that.
Here is a simple test (on OS X, which by default has 0660):
$ ssh-add <(cat ~/.ssh/id_rsa)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for '/dev/fd/63' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
On Linux it seems to work, because it's 0500 by default. Where this permission is controlled from?
To clarify, I'm not looking to change the permission of any file, as I'd like to use an anonymous pipe.
The question is:
How do I temporary change the permission of a pipe?
Best Answer
So far I've found the following workaround using named FIFO:
where the option
-msets the FIFO permission.