You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment, all files (except in the WireGuard stack, where 0600 is being enforced everywhere) are created with default metadata, likely 0644. Some of them contain secrets, and should be protected. While doing so, we should make sure each service can still access its own files.
That probably means having to support 3 new attributes in PackageConfigFile:
owner, defaulting to root
group, defaulting to root
perms, defaulting to 0644
and of course careful testing…
The text was updated successfully, but these errors were encountered:
At the moment, all files (except in the
WireGuardstack, where0600is being enforced everywhere) are created with default metadata, likely0644. Some of them contain secrets, and should be protected. While doing so, we should make sure each service can still access its own files.That probably means having to support 3 new attributes in
PackageConfigFile:owner, defaulting torootgroup, defaulting torootperms, defaulting to0644and of course careful testing…
The text was updated successfully, but these errors were encountered: