Restrict access to the client config file to protect client tokens

jinnko · jinnko · commit fd7f52344a90 · 2015-03-03T10:27:48.000Z
When using command token substitution we put passwords in the client
config file.  In order to properly protect the passwords this file
must not be world readable.
diff --git a/manifests/client/config.pp b/manifests/client/config.pp
@@ -18,7 +18,7 @@
     ensure => $ensure,
     owner  => 'sensu',
     group  => 'sensu',
-    mode   => '0444',
+    mode   => '0440',
   }
 
   sensu_client_config { $::fqdn:

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`ensure => $ensure,`
`19`	`19`	`owner => 'sensu',`
`20`	`20`	`group => 'sensu',`
`21`		`- mode => '0444',`
	`21`	`+ mode => '0440',`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`sensu_client_config { $::fqdn:`