From adc7021e183f783b420e78adad734a4846bab6c6 Mon Sep 17 00:00:00 2001
From: stdweird <stijn.deweirdt@ugent.be>
Date: Thu, 23 Mar 2023 13:43:18 +0100
Subject: [PATCH] metaconfig: rsyslog: configfile shouldn't be world-readable
 (can contain credentials)

---
 ncm-metaconfig/src/main/metaconfig/rsyslog/pan/config.pan | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ncm-metaconfig/src/main/metaconfig/rsyslog/pan/config.pan b/ncm-metaconfig/src/main/metaconfig/rsyslog/pan/config.pan
index c790c663d2..340aee0203 100644
--- a/ncm-metaconfig/src/main/metaconfig/rsyslog/pan/config.pan
+++ b/ncm-metaconfig/src/main/metaconfig/rsyslog/pan/config.pan
@@ -7,7 +7,7 @@ bind "/software/components/metaconfig/services/{/etc/rsyslog.conf}/contents" = r
 prefix "/software/components/metaconfig/services/{/etc/rsyslog.conf}";
 "daemons/rsyslog" = "restart";
 "module" = "rsyslog/main";
-"mode" = 0644;
+"mode" = 0640;
 
 bind "/software/components" = dict with {
     if (exists(SELF['syslog'])) {