natefinch
commented
3 years ago Here's the thing, we already set the default log mode to 600 when opening a new log file. That line you changed only opens an existing log file. The filemod in that call is ignored when opening an existing file. You can see that here:
https://play.golang.org/p/cupAhV1GAI1
It might be worth a comment saying "hey, this filemod gets ignored" and maybe setting it to 0000 just to show it's really and truly not a valid value.
When a file is not pre-created, the default mode were 0644. This could be very problematic for audit log files which require tighter permissions.
This changes the default mode to be 0600 which is more restrictive. Note that rotation of log files already uses this mode by default. Also note that when files are pre-created, the mode the file already had is respected.