Am 14.04.20 um 16:21 schrieb Stuart Henderson: > On 2020/04/14 15:59, Eric Elena wrote: >> On Tue, 14 Apr 2020 14:38:37 +0100 Stuart Henderson wrote: >>> On 2020/04/14 14:28, Kevin Chadwick wrote: >>>> On 2020-04-14 14:15, Stuart Henderson wrote: >>>>> my 2p: setting the directory 750 is a pain for tab completion, >>>>> so if this is changed I think it would be better to set permissions on >>>>> the sensitive files only. >>>> >>>> AFAIK /etc/grafana/config.ini is the only sensitive config file. Though I >>>> have >>>> seen various other names for the configuration file in documentation. The >>>> db dir >>>> is already secured. >>>> >>> >>> ldap.toml too. >> >> I have a diff with stricter permissions for the directories and the files. I >> wanted to send it with an update of loki that is taking more time than >> expected. Note that for people who have modified their config.ini: they will >> have to adjust the permissions. > > my 2p: setting the directory 750 is a pain for tab completion, > so if this is changed I think it would be better to set permissions on > the sensitive files only. >
I agree with Stuart here. So with my previous diff, it should be enough to move the config.ini line to the end of the PLIST. -m
