From c66eb9dfb0485e66393348e7a6ebe27af8727346 Mon Sep 17 00:00:00 2001
From: Rohan Chakravarthy <rohan.c219@gmail.com>
Date: Tue, 7 Feb 2017 16:27:42 -0800
Subject: [PATCH] util: allow read-only permissions when enforcing file
 permissions (#897)

---
 dcos/util.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dcos/util.py b/dcos/util.py
index 871023e..3504188 100644
--- a/dcos/util.py
+++ b/dcos/util.py
@@ -167,7 +167,7 @@ def read_file(path):
 
 
 def enforce_file_permissions(path):
-    """Enfore 600 permissions on file
+    """Enforce 400 or 600 permissions on file
 
     :param path: Path to the TOML file
     :type path: str
@@ -183,7 +183,7 @@ def enforce_file_permissions(path):
         return
     else:
         permissions = oct(stat.S_IMODE(os.lstat(path).st_mode))
-        if permissions not in ['0o600', '0600']:
+        if permissions not in ['0o600', '0600', '0o400', '0400']:
             msg = (
                 "Permissions '{}' for configuration file '{}' are too open. "
                 "File must only be accessible by owner. "
@@ -193,7 +193,7 @@ def enforce_file_permissions(path):
 
 def read_file_secure(path):
     """
-    Enfore 600 permissions when reading file
+    Enforce 400 or 600 permissions when reading file
 
     :param path: path to file
     :type path: str