Fix influxdb log file permissions
Update /var/log/influxdb/influxd.log permissions to 640 from 644 to disallow world readable but at the same time to allow group read access. The changes are made to comply as much as possible with openscap rules security requirements. Verified that installation is successful for AIO-SX and Standard 2+2 system configurations. Story: 2008037 Task: 40694 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> Change-Id: I284fc6882043b4a4d271bd5963fca94bc7a1e390
This commit is contained in:
parent
ee7ae99d41
commit
81b7727a2e
|
@ -16,6 +16,9 @@ EnvironmentFile=-/etc/default/influxdb
|
|||
PermissionsStartOnly=true
|
||||
ExecStartPre=-/usr/bin/mkdir -p /var/run/influxdb
|
||||
ExecStartPre=-/usr/bin/chown influxdb:influxdb /var/run/influxdb
|
||||
ExecStartPre=-/usr/bin/touch /var/log/influxdb/influxd.log
|
||||
ExecStartPre=-/usr/bin/chown influxdb:influxdb /var/log/influxdb/influxd.log
|
||||
ExecStartPre=-/usr/bin/chmod 640 /var/log/influxdb/influxd.log
|
||||
ExecStart=/bin/sh -c "/usr/bin/influxd -config /etc/influxdb/influxdb.conf -pidfile /var/run/influxdb/influxdb.pid ${INFLUXD_OPTS} >> ${STDOUT} 2>> ${STDERR}"
|
||||
ExecStopPost=/bin/bash -c 'rm /var/run/influxdb/influxdb.pid'
|
||||
KillMode=control-group
|
||||
|
|
Loading…
Reference in New Issue