auth: check the permissions on the private key to see if it's readable (#12336)

eb0a5d44 · Patrick Devine · GitHub · ceac416e · eb0a5d44
Unverified Commit eb0a5d44 authored Sep 18, 2025 by Patrick Devine Committed by GitHub Sep 18, 2025
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

auth/auth.go auth/auth.go +15 -3

No files found.
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -19,16 +19,28 @@ import (
 const defaultPrivateKey = "id_ed25519"
 func keyPath() (string, error) {
-	fileExists := func(fp string) bool {
+	fileIsReadable := func(fp string) bool {
 		info, err := os.Stat(fp)
 		if err != nil {
 			return false
 		}
-		return !info.IsDir()
+		// Check that it's a regular file, not a directory or other file type
+		if !info.Mode().IsRegular() {
+			return false
+		}
+		// Try to open it to check readability
+		file, err := os.Open(fp)
+		if err != nil {
+			return false
+		}
+		file.Close()
+		return true
 	}
 	systemPath := filepath.Join("/usr/share/ollama/.ollama", defaultPrivateKey)
-	if fileExists(systemPath) {
+	if fileIsReadable(systemPath) {
 		return systemPath, nil
 	}