Change configuration perms on Linux (#313)

Prevent main & check configuration files to be read by everybody. The reason is they can contains some secrets. Fix #312
DataDog · Dec 1, 2020 · 808c84e · 808c84e
1 parent d907342
commit 808c84e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/tasks/agent-linux.yml b/tasks/agent-linux.yml
@@ -16,6 +16,7 @@
   template:
     src: datadog.yaml.j2
     dest: /etc/datadog-agent/datadog.yaml
+    mode: 0640
     owner: "{{ datadog_user }}"
     group: "{{ datadog_group }}"
   notify: restart datadog-agent
@@ -32,6 +33,7 @@
   template:
     src: checks.yaml.j2
     dest: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml"
+    mode: 0640
     owner: "{{ datadog_user }}"
     group: "{{ datadog_group }}"
   with_items: "{{ datadog_checks|list }}"