-
Task
-
Resolution: Duplicate
-
Undefined
-
None
-
None
-
None
-
False
-
False
-
** Note that this is a public ticket, please refrain from adding any sensitive data. **
Description of Problem
[RFE] insights-client should provide an option to define desired permissions for the log file creation.
Customer:
We are having CIS check failure due to the below logs. The insights log permission need to have 640 permission. I did #chmod 640, but every time insights agent runs, it creates a new log file with 644 permission. How to change the permissions to 640 from configs permanently ?
~~~
- ll /var/log/insights-client/
rw-rr-. 1 root root 166502 Oct 2 01:09 insights-client.log
rw-rr-. 1 root root 284320 Oct 2 01:09 insights-client.log.1
rw-rr-. 1 root root 30299 Oct 1 00:57 insights-client.log.2
rw-rr-. 1 root root 260523 Oct 1 00:57 insights-client.log.3
~~~
How reproducible
Always
Steps to Reproduce
- [Step 1]- Insights insights-client
- [Step 2]- Run any 'insights-client <options>' command.
- [Step 3]-check the file permissions under /var/log/insights-client/
Actual Behavior
It does not honor umask settings as well.
Expected Behavior
Either it should honor #umask or there should be an dedicated option in the config file.
Business Impact / Additional info
CIS - 4.2.3 Ensure all logfiles have appropriate permissions and ownership. ABC (company) CIS restricts any log files in the /varlog/ should't have any read/write access by "others"