Merge pull request #1473 from utmstack/release/v10.9.4

osmontero · web-flow · commit 23ac3ac50c94 · 2025-11-26T13:02:54.000Z
fix: change file permissions from 777 to 755 for security improvements
diff --git a/agent/collectors/filebeat_amd64.go b/agent/collectors/filebeat_amd64.go
@@ -66,7 +66,7 @@ func (f Filebeat) Install() error {
 				return fmt.Errorf("error creating %s service: %v", config.ModulesServName, err)
 			}
 
-			if err = utils.Execute("chmod", filebLogPath, "-R", "777", "filebeat"); err != nil {
+			if err = utils.Execute("chmod", filebLogPath, "-R", "755", "filebeat"); err != nil {
 				return fmt.Errorf("error executing chmod: %v", err)
 			}
 
diff --git a/agent/updates/dependencies.go b/agent/updates/dependencies.go
@@ -39,7 +39,7 @@ func handleDependenciesPostDownload(dependencies []string) error {
 			}
 
 			if runtime.GOOS == "linux" || runtime.GOOS == "darwin" {
-				if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "777", fmt.Sprintf(config.UpdaterSelf, "")); err != nil {
+				if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "755", fmt.Sprintf(config.UpdaterSelf, "")); err != nil {
 					return fmt.Errorf("error executing chmod on %s: %v", fmt.Sprintf(config.UpdaterSelf, ""), err)
 				}
 			}
@@ -48,7 +48,7 @@ func handleDependenciesPostDownload(dependencies []string) error {
 				return fmt.Errorf("error removing file %s: %v", file, err)
 			}
 		} else if runtime.GOOS == "linux" || runtime.GOOS == "darwin" {
-			if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "777", file); err != nil {
+			if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "755", file); err != nil {
 				return fmt.Errorf("error executing chmod on %s: %v", file, err)
 			}
 		}
diff --git a/agent/updates/update.go b/agent/updates/update.go
@@ -55,7 +55,7 @@ func UpdateDependencies(cnf *config.Config) {
 			}
 
 			if runtime.GOOS == "linux" || runtime.GOOS == "darwin" {
-				if err = utils.Execute("chmod", utils.GetMyPath(), "-R", "777", filepath.Join(utils.GetMyPath(), fmt.Sprintf(config.ServiceFile, "_new"))); err != nil {
+				if err = utils.Execute("chmod", utils.GetMyPath(), "-R", "755", filepath.Join(utils.GetMyPath(), fmt.Sprintf(config.ServiceFile, "_new"))); err != nil {
 					utils.Logger.ErrorF("error executing chmod: %v", err)
 				}
 			}
diff --git a/etc/opensearch/2.x/Dockerfile b/etc/opensearch/2.x/Dockerfile
@@ -35,7 +35,7 @@ RUN yum update -y && \
     rm -rf /usr/share/man /usr/share/doc /usr/share/info /tmp/* /var/tmp/*
 
 # Assign permissions and ownership to the extracted folder
-RUN chmod -R 777 /usr/share/opensearch/.utm_geoip && \
+RUN chmod -R 755 /usr/share/opensearch/.utm_geoip && \
     chown -R opensearch:opensearch /usr/share/opensearch/.utm_geoip
 
 # Restore OpenSearch user
diff --git a/frontend/src/app/app-module/guides/guide-as400/constants.ts b/frontend/src/app/app-module/guides/guide-as400/constants.ts
@@ -32,7 +32,7 @@ export const PLATFORM = [
                   `/opt/utmstack-linux-collectors/as400 && cd /opt/utmstack-linux-collectors/as400 && ` +
                   `wget --no-check-certificate ` +
                   `https://V_IP:9001/private/dependencies/collector/linux-as400-collector.zip ` +
-                  `&& unzip linux-as400-collector.zip && rm linux-as400-collector.zip && chmod -R 777 ` +
+                  `&& unzip linux-as400-collector.zip && rm linux-as400-collector.zip && chmod -R 755 ` +
                   `utmstack_collectors_installer && ./utmstack_collectors_installer install as400 ` +
                   `V_IP <secret>V_TOKEN<secret>"`,
 
diff --git a/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts b/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts
@@ -39,7 +39,7 @@ export class GuideLinuxAgentComponent implements OnInit {
     return `sudo bash -c "apt update -y && apt install wget -y && mkdir -p /opt/utmstack-linux-agent && \
     wget --no-check-certificate -P /opt/utmstack-linux-agent \
     https://${ip}:9001/private/dependencies/agent/${installerName} && \
-    chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \
+    chmod -R 755 /opt/utmstack-linux-agent/${installerName} && \
     /opt/utmstack-linux-agent/${installerName} install ${ip} <secret>${this.token}</secret> yes"`;
   }
 
@@ -49,7 +49,7 @@ export class GuideLinuxAgentComponent implements OnInit {
     return `sudo bash -c "yum install wget -y && mkdir -p /opt/utmstack-linux-agent && \
     wget --no-check-certificate -P /opt/utmstack-linux-agent \
     https://${ip}:9001/private/dependencies/agent/${installerName} && \
-    chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \
+    chmod -R 755 /opt/utmstack-linux-agent/${installerName} && \
     /opt/utmstack-linux-agent/${installerName} install ${ip} <secret>${this.token}</secret> yes"`;
   }
 
@@ -59,7 +59,7 @@ export class GuideLinuxAgentComponent implements OnInit {
     return `sudo bash -c "dnf install wget -y && mkdir -p /opt/utmstack-linux-agent && \
     wget --no-check-certificate -P /opt/utmstack-linux-agent \
     https://${ip}:9001/private/dependencies/agent/${installerName} && \
-    chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \
+    chmod -R 755 /opt/utmstack-linux-agent/${installerName} && \
     /opt/utmstack-linux-agent/${installerName} install ${ip} <secret>${this.token}</secret> yes"`;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (f Filebeat) Install() error {`
`66`	`66`	`return fmt.Errorf("error creating %s service: %v", config.ModulesServName, err)`
`67`	`67`	`}`
`68`	`68`
`69`		`- if err = utils.Execute("chmod", filebLogPath, "-R", "777", "filebeat"); err != nil {`
	`69`	`+ if err = utils.Execute("chmod", filebLogPath, "-R", "755", "filebeat"); err != nil {`
`70`	`70`	`return fmt.Errorf("error executing chmod: %v", err)`
`71`	`71`	`}`
`72`	`72`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ func handleDependenciesPostDownload(dependencies []string) error {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`if runtime.GOOS == "linux" \|\| runtime.GOOS == "darwin" {`
`42`		`- if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "777", fmt.Sprintf(config.UpdaterSelf, "")); err != nil {`
	`42`	`+ if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "755", fmt.Sprintf(config.UpdaterSelf, "")); err != nil {`
`43`	`43`	`return fmt.Errorf("error executing chmod on %s: %v", fmt.Sprintf(config.UpdaterSelf, ""), err)`
`44`	`44`	`}`
`45`	`45`	`}`
`@@ -48,7 +48,7 @@ func handleDependenciesPostDownload(dependencies []string) error {`
`48`	`48`	`return fmt.Errorf("error removing file %s: %v", file, err)`
`49`	`49`	`}`
`50`	`50`	`} else if runtime.GOOS == "linux" \|\| runtime.GOOS == "darwin" {`
`51`		`- if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "777", file); err != nil {`
	`51`	`+ if err := utils.Execute("chmod", utils.GetMyPath(), "-R", "755", file); err != nil {`
`52`	`52`	`return fmt.Errorf("error executing chmod on %s: %v", file, err)`
`53`	`53`	`}`
`54`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func UpdateDependencies(cnf *config.Config) {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`if runtime.GOOS == "linux" \|\| runtime.GOOS == "darwin" {`
`58`		`- if err = utils.Execute("chmod", utils.GetMyPath(), "-R", "777", filepath.Join(utils.GetMyPath(), fmt.Sprintf(config.ServiceFile, "_new"))); err != nil {`
	`58`	`+ if err = utils.Execute("chmod", utils.GetMyPath(), "-R", "755", filepath.Join(utils.GetMyPath(), fmt.Sprintf(config.ServiceFile, "_new"))); err != nil {`
`59`	`59`	`utils.Logger.ErrorF("error executing chmod: %v", err)`
`60`	`60`	`}`
`61`	`61`	`}`