Revert "Tighten file permissions for virtual MFA bootstrap output (#10193)"

AndrewAsseily · web-flow · commit 29a37036deec · 2026-04-08T13:17:18.000-04:00
This reverts commit cb89b7d.
diff --git a/.changes/next-release/bugfix-iam-84710.json b/.changes/next-release/bugfix-iam-84710.json
diff --git a/awscli/customizations/iamvirtmfa.py b/awscli/customizations/iamvirtmfa.py
@@ -24,9 +24,7 @@
 """
 
 import base64
-import os
 
-from awscli.compat import compat_open
 from awscli.customizations.arguments import (
     StatefulArgument,
     is_parsed_result_successful,
@@ -83,9 +81,7 @@ def _save_file(self, parsed, **kwargs):
         outfile = self._outfile.value
         if method in parsed['VirtualMFADevice']:
             body = parsed['VirtualMFADevice'][method]
-            with compat_open(outfile, 'wb', access_permissions=0o600) as fp:
-                if hasattr(os, 'fchmod'):
-                    os.fchmod(fp.fileno(), 0o600)
+            with open(outfile, 'wb') as fp:
                 fp.write(base64.b64decode(body))
             for choice in CHOICES:
                 if choice in parsed['VirtualMFADevice']:
diff --git a/tests/functional/iam/test_create_virtual_mfa_device.py b/tests/functional/iam/test_create_virtual_mfa_device.py
@@ -13,7 +13,7 @@
 # language governing permissions and limitations under the License.
 import os
 
-from awscli.testutils import BaseAWSCommandParamsTest, skip_if_windows
+from awscli.testutils import BaseAWSCommandParamsTest
 
 
 class TestCreateVirtualMFADevice(BaseAWSCommandParamsTest):
@@ -161,32 +161,3 @@ def test_bad_response(self):
             stderr_contains=self.parsed_response['Error']['Message'],
             expected_rc=254,
         )
-
-    @skip_if_windows("Permissions test not valid on Windows.")
-    def test_output_file_permissions(self):
-        outfile = self.getpath('fiebaz_perms.b32')
-        self.addCleanup(self.remove_file_if_exists, outfile)
-        cmdline = self.prefix
-        cmdline += ' --virtual-mfa-device-name fiebaz'
-        cmdline += (
-            ' --outfile %s --bootstrap-method Base32StringSeed' % outfile
-        )
-        result = {"VirtualMFADeviceName": 'fiebaz'}
-        self.assert_params_for_cmd(cmdline, result)
-        self.assertEqual(os.stat(outfile).st_mode & 0xFFF, 0o600)
-
-    @skip_if_windows("Permissions test not valid on Windows.")
-    def test_output_file_permissions_existing_file(self):
-        outfile = self.getpath('fiebaz_perms_existing.b32')
-        self.addCleanup(self.remove_file_if_exists, outfile)
-        with open(outfile, 'wb') as f:
-            f.write(b'existing')
-        os.chmod(outfile, 0o644)
-        cmdline = self.prefix
-        cmdline += ' --virtual-mfa-device-name fiebaz'
-        cmdline += (
-            ' --outfile %s --bootstrap-method Base32StringSeed' % outfile
-        )
-        result = {"VirtualMFADeviceName": 'fiebaz'}
-        self.assert_params_for_cmd(cmdline, result)
-        self.assertEqual(os.stat(outfile).st_mode & 0xFFF, 0o600)
