fix: set limited permissions on package installs (#23683)

* fix: set limited permissions on package installs

* fix: set umask in systemd service to create files as 0750

.circleci/package/control/postinst

@@ -111,8 +111,8 @@ elif [[ -f /etc/debian_version ]]; then
     # Moving these lines out of this if statement would make `rmp -V` fail after installation.
     chown -R -L influxdb:influxdb $LOG_DIR
     chown -R -L influxdb:influxdb $DATA_DIR
-    chmod 755 $LOG_DIR
-    chmod 755 $DATA_DIR
+    chmod 750 $LOG_DIR
+    chmod 750 $DATA_DIR
 
     # Debian/Ubuntu logic
     if command -v systemctl &>/dev/null; then

.circleci/package/fs/usr/lib/influxdb/scripts/influxdb.service

@@ -15,6 +15,7 @@ KillMode=control-group
 Restart=on-failure
 Type=forking
 PIDFile=/var/lib/influxdb/influxd.pid
+UMask=0027
 
 [Install]
 WantedBy=multi-user.target

.circleci/scripts/build-package

@@ -58,7 +58,10 @@ function run_fpm()
       --after-remove   control/postrm                      \
       `# package files`                                    \
       --chdir          fs/                                 \
-      --package        /artifacts
+      --package        /artifacts                          \
+      --directories    /var/lib/influxdb                   \
+      --rpm-defattrdir 750                                 \
+      --rpm-defattrfile 750
 
     popd