Open mhalano opened 3 years ago
Does this strict permission do any harm?
I think the default '0600' permission is fine as long as the system does not care about the permission and can read it; there is no use for all users on the system to have access to the file and read kernel parameters.
https://en.wikipedia.org/wiki/Principle_of_least_privilege :)
@aminvakil It doesn't cause any harm and works fine, but it causes a discrepancy, because every file inside /etc/sysctl.d/ put there by multiple packages (like procps, which includes a lot of files) uses 0644 mode, and /etc/sysctl.conf itself is also 0644. So why should just one file with a couple of parameters be more protected than the others? Did you get it?
SUMMARY
I save my custom configurations under /etc/sysctl.d/10-performance.conf (performance configs). The problem is that when this file is created it has a very restrictive permission, 0600 to be exact. It should be 0644, like the other files.
ISSUE TYPE
COMPONENT NAME
sysctl
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 20.10 but using the ansible-base package from Eoan on the official repository.
STEPS TO REPRODUCE
1. Execute these minimal tasks:
EXPECTED RESULTS
The file /etc/sysctl.d/10-performance.conf should have as permission 0644.
ACTUAL RESULTS
The file /etc/sysctl.d/10-performance.conf has permission 0600 even if it is not a critical file (security key or whatever).
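
To check the discrepancy discussed in this issue on a host, the sketch below lists sysctl drop-in files whose mode differs from the 0644 used by the packaged files. It separates a merely stricter mode (such as the 0600 reported here) from a group- or world-writable file, which is the case that actually matters for integrity. This is an added example, not code from the issue or from the Ansible project; the function name `audit_sysctl_modes` is hypothetical and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the issue): audit modes of sysctl drop-in files.
# Assumptions: GNU stat is available; 644 is the expected mode, as stated in the issue.

# audit_sysctl_modes DIR [EXPECTED_MODE]
# Prints "<mode> <path> <verdict>" for every *.conf file whose mode is not EXPECTED_MODE.
audit_sysctl_modes() {
    dir=$1
    expected=${2:-644}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue              # skip an unmatched glob and non-regular files
        mode=$(stat -c '%a' "$f")            # octal permission bits, e.g. 600
        [ "$mode" = "$expected" ] && continue
        # A leading 0 makes the shell read the value as octal; 022 = group/other write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            verdict=writable-by-non-owner    # integrity risk: non-owner can change kernel parameters
        else
            verdict=differs-from-expected    # e.g. 0600: stricter, only inconsistent
        fi
        printf '%s %s %s\n' "$mode" "$f" "$verdict"
    done
}

# Stand-alone use: audit the real directory when it exists.
if [ -d /etc/sysctl.d ]; then
    audit_sysctl_modes /etc/sysctl.d
fi
```
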