- Create the log file with 640 permissions (#858)

Security scanners are often simple minded and complain on arbitrary settings such as file permissions. For /var/log/* having world read is one of these cases.
author: Robert Schweikert <rjschwei@suse.com> 2021-06-02 17:10:32 -0400
committer: GitHub <noreply@github.com> 2021-06-02 15:10:32 -0600
commit: 29ac50f2b9e7634fc59fc161d77d27e970ae8080 (patch)
tree: 8d5280c71dba2ad8f667e9776441aaac39bb4012 /cloudinit/stages.py
parent: 503e2d398660e8af5d49bdf6944a50ad793a3a31 (diff)
download: cloud-init-git-29ac50f2b9e7634fc59fc161d77d27e970ae8080.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index bbded1e9..3688be2e 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -156,7 +156,7 @@ class Init(object):
         util.ensure_dirs(self._initial_subdirs())
         log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
         if log_file:
-            util.ensure_file(log_file, preserve_mode=True)
+            util.ensure_file(log_file, mode=0o640, preserve_mode=True)
             perms = self.cfg.get('syslog_fix_perms')
             if not perms:
                 perms = {}
author	Robert Schweikert <rjschwei@suse.com>	2021-06-02 17:10:32 -0400
committer	GitHub <noreply@github.com>	2021-06-02 15:10:32 -0600
commit	29ac50f2b9e7634fc59fc161d77d27e970ae8080 (patch)
tree	8d5280c71dba2ad8f667e9776441aaac39bb4012 /cloudinit/stages.py
parent	503e2d398660e8af5d49bdf6944a50ad793a3a31 (diff)
download	cloud-init-git-29ac50f2b9e7634fc59fc161d77d27e970ae8080.tar.gz