Services should run with UMask of 0027 or more restrictive. #14005

Closed
kresss opened this issue Oct 10, 2019 · 0 comments · Fixed by #14119

kresss commented Oct 10, 2019

Describe the enhancement:
Change the service files, for example the systemd unit file, to set an explicit UMask, for example a umask of 0077.

Describe a specific use case for the enhancement or feature:

On RHEL systems using Beats with systemd, services start with a default umask of 0022. If a file is created by the service, the file is by default world-readable with this umask. Given the nature of Beats and the fact that they are often used to process logging data or sensitive data, they should write all files without world-readable permissions. This is especially a problem when Beats are configured to log to their own log file.
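The effect of the umask values named in this issue, as an added example that is not part of the original report or the Beats code base: the script creates a file under each umask, reports the resulting mode, and checks the value against the 0027 baseline from the title. The helper names `umask_at_least`, `mode_under_umask` and `proc_umask` are hypothetical.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not from Beats.

# Succeeds if umask $1 masks at least every permission bit that
# baseline $2 masks (i.e. $1 is "$2 or more restrictive").
umask_at_least() {
    u=$((0$1))
    base=$((0$2))
    [ $(( u & base )) -eq "$base" ]
}

# Creates a file under umask $1 in a scratch directory and prints
# the mode it ends up with (GNU stat first, BSD stat as fallback).
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/f" )
    stat -c '%a' "$dir/f" 2>/dev/null || stat -f '%Lp' "$dir/f"
    rm -rf "$dir"
}

# Prints the umask of a running process from /proc (the Umask field
# of /proc/PID/status exists on Linux 4.7 and later; prints nothing
# where it is unavailable).
proc_umask() {
    awk '/^Umask:/ { print $2 }' "/proc/$1/status" 2>/dev/null || true
}

# 0022 is the default described in the issue; 0027 and 0077 are the
# values the title and the proposal name.
for u in 0022 0027 0077; do
    if umask_at_least "$u" 0027; then
        verdict="meets 0027 baseline"
    else
        verdict="too permissive"
    fi
    printf 'umask %s -> new file mode %s (%s)\n' \
        "$u" "$(mode_under_umask "$u")" "$verdict"
done
```

To audit a running service, pass its main PID to `proc_umask` and feed the result to `umask_at_least`.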
