Changed default file modes from 0o644 to 0o600 for better security #1141

Merged
merged 1 commit into from Jan 16, 2022

Contributor

@lamweili lamweili commented Jan 16, 2022

No description provided.

@lamweili lamweili added this to the 6.4.0 milestone Jan 16, 2022

@thernstig thernstig commented Mar 23, 2022

@peteriman this is a breaking change, as we just noticed this. It breaks things in Kubernetes, e.g. when using a sidecar to read logs. (Even though it is configurable, the defaults broke.) So it probably should have been reserved for 7.X.

Contributor Author

@lamweili lamweili commented Mar 23, 2022

You are right. My mistake.

In hindsight, probably should have used 7.x.x instead to not break things for existing users who use the default file permissions.

I have updated the changelog (7010a7d) to have a more indicative warning now that we are unable to go back in time.


For whoever might be reading this, to work around the breaking change:

  1. Either run the other applications that need to read the log using the same user account (due to 0o600), or
  2. Manually specify the permission (such as 0o644) to be used through the mode options as listed in the fileAppender docs.
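
Why the new default breaks a log-reading sidecar, as an added example that is not part of this thread or the project's code: it creates files with 0o600 and 0o644 and evaluates the POSIX read bits for the writer and for a reader under a different account. The UIDs and GIDs are constructed for illustration, and `canRead`, `createLog` and `demo` are hypothetical helper names.

```javascript
// Added example: read access to a log file under 0o600 versus 0o644.
const fs = require('fs');
const os = require('os');
const path = require('path');

// POSIX read check: owner bits apply if the UID matches, otherwise group
// bits if a GID matches, otherwise the "other" bits. The root (uid 0)
// bypass is deliberately not modelled.
function canRead(mode, fileUid, fileGid, uid, gids) {
  if (uid === fileUid) return (mode & 0o400) !== 0;
  if (gids.includes(fileGid)) return (mode & 0o040) !== 0;
  return (mode & 0o004) !== 0;
}

// Create a file with the requested mode and return the permission bits
// actually on disk. chmod is applied after creation because the process
// umask can clear bits from the mode passed at open() time.
function createLog(dir, name, mode) {
  const file = path.join(dir, name);
  fs.writeFileSync(file, 'constructed log line\n', { mode });
  fs.chmodSync(file, mode);
  return fs.statSync(file).mode & 0o777;
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'logmode-'));
  const writer = { uid: 1000, gid: 1000 };     // constructed app identity
  const sidecar = { uid: 2000, gids: [2000] }; // constructed sidecar identity
  const results = {};
  for (const mode of [0o600, 0o644]) {
    const onDisk = createLog(dir, `app-${mode.toString(8)}.log`, mode);
    results[onDisk.toString(8)] = {
      writerCanRead: canRead(onDisk, writer.uid, writer.gid, writer.uid, [writer.gid]),
      sidecarCanRead: canRead(onDisk, writer.uid, writer.gid, sidecar.uid, sidecar.gids),
    };
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

Under 0o600 only workaround 1 (same user account) gives the reader access; 0o644 grants read to every local account, which is the trade-off the changed default was meant to avoid.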
