Conditionally set file audit log mode (#3649)
This commit is contained in:
parent
2aa576149c
commit
a0d1092420
|
@ -75,8 +75,10 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if m != 0 {
|
||||
mode = os.FileMode(m)
|
||||
}
|
||||
}
|
||||
|
||||
b := &Backend{
|
||||
path: path,
|
||||
|
@ -247,15 +249,17 @@ func (b *Backend) open() error {
|
|||
}
|
||||
|
||||
// Change the file mode in case the log file already existed. We special
|
||||
// case /dev/null since we can't chmod it
|
||||
// case /dev/null since we can't chmod it and bypass if the mode is zero
|
||||
switch b.path {
|
||||
case "/dev/null":
|
||||
default:
|
||||
if b.mode != 0 {
|
||||
err = os.Chmod(b.path, b.mode)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -77,7 +77,7 @@ Following are the configuration options available for the backend.
|
|||
<span class="param-flags">optional</span>
|
||||
A string containing an octal number representing the bit pattern
|
||||
for the file mode, similar to `chmod`. This option defaults to
|
||||
`0600`.
|
||||
`0600`. Specifying mode of `0000` will disable Vault's setting any mode on the file.
|
||||
</li>
|
||||
<li>
|
||||
<span class="param">format</span>
|
||||
|
|
Loading…
Reference in a new issue