From 8174516d3bea544f234244b91e485501e0682d45 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 4 Jun 2020 15:10:14 -0400
Subject: [PATCH] properly write rsyslog configuration as 0640

see: https://github.com/ansible/tower/issues/4383
---
 awx/main/utils/external_logging.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/awx/main/utils/external_logging.py b/awx/main/utils/external_logging.py
index ac9d2834c8..f551dad2c2 100644
--- a/awx/main/utils/external_logging.py
+++ b/awx/main/utils/external_logging.py
@@ -1,6 +1,6 @@
 import os
 import shutil
-import tempfile 
+import tempfile
 import urllib.parse as urlparse
 
 from django.conf import settings
@@ -117,6 +117,7 @@ def reconfigure_rsyslog():
     with tempfile.TemporaryDirectory(prefix='rsyslog-conf-') as temp_dir:
         path = temp_dir + '/rsyslog.conf.temp'
         with open(path, 'w') as f:
+            os.chmod(path, 0o640)
             f.write(tmpl + '\n')
         shutil.move(path, '/var/lib/awx/rsyslog/rsyslog.conf')
     supervisor_service_command(command='restart', service='awx-rsyslogd')