Strict file mode (permissions) setting?

[ainar-g]

Currently, AGH creates most of its files and directories with permissions like 0o644 (-rw-r--r--) for non-executable files and 0o755 (-rwxr-xr-x) for executables and directories. CWE and securego.io recommend these to be no greater than 0o600 (-rw-------) and 0o750 (-rwxr-x---) correspondingly.

I propose that we add a setting, strict_file_mode, which makes AGH make these 0o600 and 0o750/0o700. I would like it to be set to true by default, but that could break people's backup and other scripts. Perhaps it should only be true for new installations?

@ameshkov, what do you think?

Related:

• Strengthen the config file permissions #764.
• Incorrect permissions assigned to filters.txt files #3198.

[ameshkov]

Tbh, I don't like the idea of adding one more setting.

Also, I don't fully see any viable reason for making these settings stricter. I mean it's okay to have 600 for the config file (since it contains secrets), but it's okay for other files that do not have any secrets to be 644.

[ainar-g]

@ameshkov, I would say that the query log, stats, and sessions can also be quite sensitive. And after that, the only things that are left are filters and the stuff we do during the automatic update. Do we really want two sets of permissions?

[ameshkov]

IMO, it's better to have it than one more setting

[ameshkov]

Let's think about it later, I still don't like that this is a breaking change.