core: monitrc wrong permissions when HA sync is done

[X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

[X] I have searched the existing issues and I’m convinced that mine is new.

Describe the bug When monit configuration is sync’ed from ha master to slave, the file /usr/local/etc/monitrc is created with wrong permissions (0644). When manually controlling monit, you get the message:

The control file '/usr/local/etc/monitrc' permission 0644 is wrong, maximum 0700 allowed

To Reproduce Steps to reproduce the behavior:

  1. activate and use monit
  2. trigger a configuration sync to backup node
  3. login to backup node (cli/ssh)
  4. Type: monit monitor all
  5. See error message

Expected behavior No error message

Additional context Solution: Simply change file mode to 0600, after syncing.

When on backup node in gui under Services: Monit: Settings the save and apply button is pressed, the configuration has the right permissions. So this is just an issue when the configuration is created by HA sync.

Environment Software version used and hardware type if relevant.

OPNsense 19.7.4_1-amd64 FreeBSD 11.2-RELEASE-p14-HBSD OpenSSL 1.0.2s 28 May 2019

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 28 (20 by maintainers)

Commits related to this issue

Most upvoted comments

sure, but name_setup would still be inferior if not fixed and setup.sh already changes the permission. That’s much easier than revamping the template system and there are also things the template system cannot do which setup.sh can like:

https://github.com/opnsense/core/blob/137e7af193e4/src/opnsense/scripts/proxy/setup.sh