From 01c47cf00572cd3037845a3dd7a6de3a649cf62c Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 11 Jul 2023 11:31:29 -0500
Subject: config-mgmt: T5347: correct logrotate conf permissions on system
 update

---
 python/vyos/config_mgmt.py | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index 26114149f..e1870aa0a 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -21,6 +21,8 @@ import logging
 from typing import Optional, Tuple, Union
 from filecmp import cmp
 from datetime import datetime
+from textwrap import dedent
+from pathlib import Path
 from tabulate import tabulate
 
 from vyos.config import Config
@@ -456,19 +458,18 @@ Proceed ?'''
         return ConfigTree(c)
 
     def _add_logrotate_conf(self):
-        conf = f"""{archive_config_file} {{
-    su root vyattacfg
-    rotate {self.max_revisions}
-    start 0
-    compress
-    copy
-}}"""
-        mask = os.umask(0o133)
-
-        with open(logrotate_conf, 'w') as f:
-            f.write(conf)
-
-        os.umask(mask)
+        conf: str = dedent(f"""\
+        {archive_config_file} {{
+            su root vyattacfg
+            rotate {self.max_revisions}
+            start 0
+            compress
+            copy
+        }}
+        """)
+        conf_file = Path(logrotate_conf)
+        conf_file.write_text(conf)
+        conf_file.chmod(0o644)
 
     def _archive_active_config(self) -> bool:
         mask = os.umask(0o113)
-- 
cgit v1.2.3