From d96c53b33ad3db86c418b5fbd78732e7a4074631 Mon Sep 17 00:00:00 2001
From: Calum Lacroix
Date: Wed, 12 Jan 2022 17:22:17 +0000
Subject: [PATCH] Set owner-only RWX for etcd dir
---
 ebs.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ebs.go b/ebs.go
index 949d294..e666eb9 100644
--- a/ebs.go
+++ b/ebs.go
@@ -185,10 +185,13 @@ func ensureVolumeMounted(blockDeviceOS, mountPoint string) error {
 }

 func ensureVolumeWriteable(mountPoint string) error {
- log.Printf("Ensuring %s is r/w by etcd\n", mountPoint)
+ log.Printf("Ensuring %s is r/w by etcd only\n", mountPoint)
 if err := exec.Command("sudo", "/usr/bin/chown", "-R", "etcd:etcd", mountPoint).Run(); err != nil {
 return errors.Wrapf(err, "cannot make %s writeable by etcd", mountPoint)
 }
+ if err := exec.Command("sudo", "/usr/bin/chmod", "-R", "700", mountPoint).Run(); err != nil {
+ return errors.Wrapf(err, "cannot set permissions on %s for etcd", mountPoint)
+ }
 return nil
 }
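Review bot: The recursive `chmod -R 700` added in ensureVolumeWriteable sets the execute bit on every regular file under the mount point, not only on directories, which grants more than the owner-only access the commit title describes. A symbolic mode keeps directories at 0700 and leaves files at 0600 unless they were already executable: `exec.Command("sudo", "/usr/bin/chmod", "-R", "u=rwX,go=", mountPoint)`. Because mountPoint is handed straight to a command run through sudo, a `"--"` argument before it in both the chown and chmod calls would stop a value beginning with `-` from being parsed as an option; whether callers can supply such a value is not visible in this hunk. A short comment above the chmod saying why group and other access is removed from the etcd data directory would also help the next reader.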