lnbits: make macaroons readable only by lnbits

2025-04-02 08:58:15 +02:00 · 2020-04-28 13:45:17 +01:00 · 2020-04-28 13:45:17 +01:00 · 2e52cbdcce
commit 2e52cbdcce
parent 12766b5bca
1 changed files with 1 additions and 0 deletions
--- a/home.admin/config.scripts/bonus.lnbits.sh
+++ b/home.admin/config.scripts/bonus.lnbits.sh
@ -87,6 +87,7 @@ if [ "$1" = "write-macaroons" ]; then
  sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/invoice.macaroon /home/lnbits/.lnd/data/chain/${network}/${chain}net/
  sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/readonly.macaroon /home/lnbits/.lnd/data/chain/${network}/${chain}net/    
  sudo chown lnbits:lnbits -R /home/lnbits/.lnd/data/chain/${network}/${chain}net/*.macaroon
+  sudo chmod 600 /home/lnbits/.lnd/data/chain/${network}/${chain}net/*.macaroon
  echo "OK DONE"
  #set macaroons paths in .env
  sudo -u lnbits sed -i "s/^LND_ADMIN_MACAROON=.*/LND_ADMIN_MACAROON=\/home\/lnbits\/.lnd\/data\/chain\/${network}\/${chain}net\/admin.macaroon/g" /home/lnbits/lnbits/.env