From 4378c7ae8eb94b47db31b9846bf72a0e2e020270 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Mon, 17 Jul 2017 09:25:31 +0200
Subject: [PATCH] Restrict the dir and file permissions of the mounted volume
---
 pkg/volume/azure_file/azure_file.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/volume/azure_file/azure_file.go b/pkg/volume/azure_file/azure_file.go
index a4ba73faa63..e85d48bdceb 100644
--- a/pkg/volume/azure_file/azure_file.go
+++ b/pkg/volume/azure_file/azure_file.go
@@ -208,11 +208,11 @@ func (b *azureFileMounter) SetUpAt(dir string, fsGroup *int64) error {
 if accountName, accountKey, err = b.util.GetAzureCredentials(b.plugin.host, b.pod.Namespace, b.secretName); err != nil {
 return err
 }
- os.MkdirAll(dir, 0750)
+ os.MkdirAll(dir, 0700)
 source := fmt.Sprintf("//%s.file.%s/%s", accountName, getStorageEndpointSuffix(b.plugin.host.GetCloudProvider()), b.shareName)
 // parameters suggested by https://azure.microsoft.com/en-us/documentation/articles/storage-how-to-use-files-linux/
- options := []string{fmt.Sprintf("vers=3.0,username=%s,password=%s,dir_mode=0777,file_mode=0777", accountName, accountKey)}
+ options := []string{fmt.Sprintf("vers=3.0,username=%s,password=%s,dir_mode=0700,file_mode=0700", accountName, accountKey)}
 if b.readOnly {
 options = append(options, "ro")
 }
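Review bot: The result of `os.MkdirAll(dir, 0700)` is still discarded, so a failed create goes unnoticed and the mount is attempted anyway; it should read `if err := os.MkdirAll(dir, 0700); err != nil { return err }`. MkdirAll also leaves the mode of an already existing directory untouched, so a `dir` created earlier with 0750 keeps that mode and the tighter value only reaches fresh directories; an explicit `os.Chmod(dir, 0700)` after the create would cover that case. Separately, the option string still embeds `password=` with the storage account key, so any code that logs or reports mount options (not visible in this hunk) would need to redact it. SetUpAt starts and ends outside the hunk.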