Closed hrak closed 7 years ago
Seems reasonable, addressed in #119.
Closed by 8a2fe7cfb68a5d34b8d050a09fe667e4579e9f12, hopefully should be a new release with this and runit
support in next week (currently busy moving).
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Since Kafka 0.9+ supports SSL, the server.properties potentially contains passphrase info for the server keystore and truststore. This cookbook currently sets file mode 644 on server.properties making it world-readable, which is a security risk.
Setting 'mode 600' and 'sensitive true' solves this and makes sure that the chef-client doesn't output passphrase info to stdout or chef-client logfiles.