Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changed default file modes from 0o644 to 0o600 for better security #1141

merged 1 commit into from Jan 16, 2022


Copy link

@lamweili lamweili commented Jan 16, 2022

No description provided.

@lamweili lamweili added this to the 6.4.0 milestone Jan 16, 2022
Copy link

@thernstig thernstig commented Mar 23, 2022

@peteriman this is a breaking change, as we just noticed this. it breaks things in Kubernetes e.g. when using a sidecar to read logs. (Even though it is configurable the defaults broke). So it probably should have been reserved for 7.X.

Copy link
Contributor Author

@lamweili lamweili commented Mar 23, 2022

You are right. My mistake.

In hindsight, probably should have used 7.x.x instead to not break things for existing users who uses the default file permissions.

I have updated the changelog (7010a7d) to have a more indicative warning now we are unable to go back in time.

For whoever might be reading this, to workaround the breaking change:

  1. Either run the other applications, that needs to read the log, using the same user account (due to 0o600), or
  2. Manually specify the permission (such as 0o644) to be used through the mode options as listed in the fileAppender docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

2 participants