On 2020/04/14 15:59, Eric Elena wrote: > On Tue, 14 Apr 2020 14:38:37 +0100 Stuart Henderson wrote: > > On 2020/04/14 14:28, Kevin Chadwick wrote: > > > On 2020-04-14 14:15, Stuart Henderson wrote: > > > > my 2p: setting the directory 750 is a pain for tab completion, > > > > so if this is changed I think it would be better to set permissions on > > > > the sensitive files only. > > > > > > AFAIK /etc/grafana/config.ini is the only sensitive config file. Though I > > > have > > > seen various other names for the configuration file in documentation. The > > > db dir > > > is already secured. > > > > > > > ldap.toml too. > > I have a diff with stricter permissions for the directories and the files. I > wanted to send it with an update of loki that is taking more time than > expected. Note that for people who have modified their config.ini: they will > have to adjust the permissions.
my 2p: setting the directory 750 is a pain for tab completion, so if this is changed I think it would be better to set permissions on the sensitive files only.