Conditionally set file audit log mode (#3649)
This commit is contained in:
Brian Shumate
Jeff Mitchell
parent
2aa576149c
commit
a0d1092420
|
|
@ -75,7 +75,9 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
mode = os.FileMode(m)
|
if m != 0 {
|
||||||
|
mode = os.FileMode(m)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
b := &Backend{
|
b := &Backend{
|
||||||
|
|
@ -247,13 +249,15 @@ func (b *Backend) open() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Change the file mode in case the log file already existed. We special
|
// Change the file mode in case the log file already existed. We special
|
||||||
// case /dev/null since we can't chmod it
|
// case /dev/null since we can't chmod it and bypass if the mode is zero
|
||||||
switch b.path {
|
switch b.path {
|
||||||
case "/dev/null":
|
case "/dev/null":
|
||||||
default:
|
default:
|
||||||
err = os.Chmod(b.path, b.mode)
|
if b.mode != 0 {
|
||||||
if err != nil {
|
err = os.Chmod(b.path, b.mode)
|
||||||
return err
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,7 @@ Following are the configuration options available for the backend.
|
||||||
<span class="param-flags">optional</span>
|
<span class="param-flags">optional</span>
|
||||||
A string containing an octal number representing the bit pattern
|
A string containing an octal number representing the bit pattern
|
||||||
for the file mode, similar to `chmod`. This option defaults to
|
for the file mode, similar to `chmod`. This option defaults to
|
||||||
`0600`.
|
`0600`. Specifying mode of `0000` will disable Vault's setting any mode on the file.
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<span class="param">format</span>
|
<span class="param">format</span>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue