Package: waagent Version: 2.2.14-1~deb9u1 Severity: normal Hi Bastian,
The postinst script for the waagent package creates the /var/lib/waagent dir with mode "u+rwx". This appears OK, but with the default umask the result is that /var/lib/waagent is created with mode 0755. It would be better if it was 0700. So in postinst instead of setting mode "u+rwx" we could perhaps use something like "u+rwx,g=,o=" instead. For example, the upstream agent will create /var/lib/waagent on the fly with perm 0700 if it does not already exist: https://github.com/Azure/WALinuxAgent/blob/4316e399cee9359c59298ff494b58ffbf5121e2b/azurelinuxagent/daemon/main.py#L110 -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages waagent depends on: ii bind9-host [host] 1:9.10.3.dfsg.P4-12.3+deb9u3 ii ca-certificates 20161130+nmu1 ii eject 2.1.5+deb1+cvs20081104-13.2 ii host 1:9.10.3.dfsg.P4-12.3+deb9u3 ii init-system-helpers 1.48 ii iptables 1.6.0+snapshot20161117-6 ii net-tools 1.60+git20161116.90da8a0-1 ii openssh-server 1:7.4p1-10+deb9u1 ii openssl 1.1.0f-3 ii parted 3.2-17 ii python3 3.5.3-1 ii python3-pkg-resources 33.1.1-1 ii sudo 1.8.19p1-2.1 waagent recommends no packages. waagent suggests no packages. -- no debconf information