From 7bc51175d5a09f3c4183ae6ba11e67a1e8b31ac8 Mon Sep 17 00:00:00 2001
From: aphralG <108004222+aphralG@users.noreply.github.com>
Date: Mon, 27 Nov 2023 15:10:32 +0000
Subject: [PATCH] Fix permissions for log file and dynamic config directory
 (#517)

* change permissions
---
 src/core/config/config.go                                       | 2 +-
 src/core/logger/log.go                                          | 2 +-
 src/core/os.go                                                  | 2 +-
 .../vendor/github.com/nginx/agent/v2/src/core/config/config.go  | 2 +-
 .../integration/vendor/github.com/nginx/agent/v2/src/core/os.go | 2 +-
 .../vendor/github.com/nginx/agent/v2/src/core/config/config.go  | 2 +-
 .../vendor/github.com/nginx/agent/v2/src/core/logger/log.go     | 2 +-
 .../performance/vendor/github.com/nginx/agent/v2/src/core/os.go | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/core/config/config.go b/src/core/config/config.go
index d2b86a6bc..58c5ce0f3 100644
--- a/src/core/config/config.go
+++ b/src/core/config/config.go
@@ -414,7 +414,7 @@ func LoadPropertiesFromFile(cfg string) error {
 		}
 	} else if errors.Is(err, fs.ErrNotExist) {
 		log.Infof("Writing the following file to disk: %s", dynamicCfgPath)
-		err = os.MkdirAll(dynamicCfgDir, 0o755)
+		err = os.MkdirAll(dynamicCfgDir, 0o750)
 		if err != nil {
 			return fmt.Errorf("error attempting to create directory for dynamic config (%s): %v", dynamicCfgDir, err)
 		}
diff --git a/src/core/logger/log.go b/src/core/logger/log.go
index 4ae19cd42..7dd001df7 100644
--- a/src/core/logger/log.go
+++ b/src/core/logger/log.go
@@ -49,7 +49,7 @@ func SetLogFile(logFile string) *os.File {
 			logPath = path.Join(logPath, defaultLogFile)
 		}
 
-		logFileHandle, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o640)
+		logFileHandle, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
 		if err != nil {
 			log.Errorf("Failed to set log file, proceeding to log only to stdout/stderr: %v", err)
 			return nil
diff --git a/src/core/os.go b/src/core/os.go
index e1f95cf32..65f91a0e0 100644
--- a/src/core/os.go
+++ b/src/core/os.go
@@ -50,7 +50,7 @@ func EnableWritePermissionForSocket(path string) error {
 		case <-timeout:
 			return lastError
 		default:
-			lastError = os.Chmod(path, 0o660)
+			lastError = os.Chmod(path, 0o600)
 			if lastError == nil {
 				return nil
 			}
diff --git a/test/integration/vendor/github.com/nginx/agent/v2/src/core/config/config.go b/test/integration/vendor/github.com/nginx/agent/v2/src/core/config/config.go
index d2b86a6bc..58c5ce0f3 100644
--- a/test/integration/vendor/github.com/nginx/agent/v2/src/core/config/config.go
+++ b/test/integration/vendor/github.com/nginx/agent/v2/src/core/config/config.go
@@ -414,7 +414,7 @@ func LoadPropertiesFromFile(cfg string) error {
 		}
 	} else if errors.Is(err, fs.ErrNotExist) {
 		log.Infof("Writing the following file to disk: %s", dynamicCfgPath)
-		err = os.MkdirAll(dynamicCfgDir, 0o755)
+		err = os.MkdirAll(dynamicCfgDir, 0o750)
 		if err != nil {
 			return fmt.Errorf("error attempting to create directory for dynamic config (%s): %v", dynamicCfgDir, err)
 		}
diff --git a/test/integration/vendor/github.com/nginx/agent/v2/src/core/os.go b/test/integration/vendor/github.com/nginx/agent/v2/src/core/os.go
index e1f95cf32..65f91a0e0 100644
--- a/test/integration/vendor/github.com/nginx/agent/v2/src/core/os.go
+++ b/test/integration/vendor/github.com/nginx/agent/v2/src/core/os.go
@@ -50,7 +50,7 @@ func EnableWritePermissionForSocket(path string) error {
 		case <-timeout:
 			return lastError
 		default:
-			lastError = os.Chmod(path, 0o660)
+			lastError = os.Chmod(path, 0o600)
 			if lastError == nil {
 				return nil
 			}
diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go
index d2b86a6bc..58c5ce0f3 100644
--- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go
+++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/config/config.go
@@ -414,7 +414,7 @@ func LoadPropertiesFromFile(cfg string) error {
 		}
 	} else if errors.Is(err, fs.ErrNotExist) {
 		log.Infof("Writing the following file to disk: %s", dynamicCfgPath)
-		err = os.MkdirAll(dynamicCfgDir, 0o755)
+		err = os.MkdirAll(dynamicCfgDir, 0o750)
 		if err != nil {
 			return fmt.Errorf("error attempting to create directory for dynamic config (%s): %v", dynamicCfgDir, err)
 		}
diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/logger/log.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/logger/log.go
index 4ae19cd42..7dd001df7 100644
--- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/logger/log.go
+++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/logger/log.go
@@ -49,7 +49,7 @@ func SetLogFile(logFile string) *os.File {
 			logPath = path.Join(logPath, defaultLogFile)
 		}
 
-		logFileHandle, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o640)
+		logFileHandle, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
 		if err != nil {
 			log.Errorf("Failed to set log file, proceeding to log only to stdout/stderr: %v", err)
 			return nil
diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/core/os.go b/test/performance/vendor/github.com/nginx/agent/v2/src/core/os.go
index e1f95cf32..65f91a0e0 100644
--- a/test/performance/vendor/github.com/nginx/agent/v2/src/core/os.go
+++ b/test/performance/vendor/github.com/nginx/agent/v2/src/core/os.go
@@ -50,7 +50,7 @@ func EnableWritePermissionForSocket(path string) error {
 		case <-timeout:
 			return lastError
 		default:
-			lastError = os.Chmod(path, 0o660)
+			lastError = os.Chmod(path, 0o600)
 			if lastError == nil {
 				return nil
 			}