StackStorm credentials leak from '~/.st2/config' #558

@arm4b

The curl|bash installer creates a ~/.st2/config file containing StackStorm login creds with read-all permissions:

```
$ ls -la ~/.st2/config
-rw-r--r-- 1 vagrant vagrant 54 May 23 14:09 /home/vagrant/.st2/config
```

This way, an unauthorized Linux user can read the st2 login creds (username:password) saved by another user.


Ideally, the ~/.st2/ dir should also have 2750 permissions (currently 0755); that part could be addressed in StackStorm/st2 core itself.
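
An added example, not part of the original issue or of StackStorm's code: a POSIX shell script that reproduces the reported modes in a scratch directory, audits them, and tightens them. The 2750 directory mode is the value from the issue; the 600 file mode, the function names and the placeholder file content are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not StackStorm code): audit and tighten an st2 CLI config dir.
# Directory mode 2750 is the value proposed in the issue; file mode 600 is an
# assumption made for this example.

# Print the ten-character permission string of a path, e.g. "-rw-r--r--".
perms_of() { ls -ld "$1" | cut -c1-10; }

# Succeed when users outside the owner and group have any access to the path.
other_has_access() { [ "$(perms_of "$1" | cut -c8-10)" != "---" ]; }

# Report every path under the st2 dir that "other" users can access.
# Returns 0 when clean, 1 when at least one finding was printed.
audit_st2_dir() (
    status=0
    for p in "$1" "$1/config"; do
        [ -e "$p" ] || continue
        if other_has_access "$p"; then
            echo "INSECURE $(perms_of "$p") $p"
            status=1
        fi
    done
    exit "$status"
)

# Tighten an existing directory and config file in place.
harden_st2_dir() {
    chmod 2750 "$1" && { [ ! -f "$1/config" ] || chmod 600 "$1/config"; }
}

# Write a config read from stdin so it is never readable by other users,
# not even briefly: the restrictive umask applies before the file exists.
write_config() (
    umask 077
    mkdir -p "$1" && cat > "$1/config" && chmod 2750 "$1"
)

# Constructed reproduction of the reported state (0755 dir, 0644 file).
make_reported_state() {
    mkdir -p "$1" && chmod 755 "$1" &&
    printf '[credentials]\nusername = PLACEHOLDER\npassword = PLACEHOLDER\n' > "$1/config" &&
    chmod 644 "$1/config"
}

# Demo: reproduce, audit, harden, audit again in a scratch directory.
demo=$(mktemp -d)/.st2
make_reported_state "$demo"
audit_st2_dir "$demo" || harden_st2_dir "$demo"
audit_st2_dir "$demo" && echo "OK $(perms_of "$demo/config") $demo/config"
```

`harden_st2_dir` closes the exposure on an existing install, while `write_config` shows the creation-time pattern that avoids a window in which the file exists with default-umask permissions.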
