Since /etc/mysql/my.cnf contains the [client] section, normal

justinellison · justinellison · commit 11280bea2389 · 2011-12-30T17:49:18.000-06:00
users need to be able to read that file.  We should set 0644
on /etc/mysql/my.cnf, but use 0400 on /etc/my.cnf and
/root/.my.cnf because they contain passwords in plaintext.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -25,18 +25,19 @@
     }
     file{'/root/.my.cnf':
       content => template('mysql/my.cnf.pass.erb'),
+      mode  => '0400',
     }
     if $etc_root_password {
        file{'/etc/my.cnf':
           content => template('mysql/my.cnf.pass.erb'),
           require => Exec['set_mysql_rootpw'],
+          mode  => '0400',
        }
     }
   }
   File {
     owner => 'root',
     group => 'root',
-    mode  => '0400',
     notify  => Exec['mysqld-restart'],
     require => Package['mysql-server']
   }

Original file line number	Diff line number	Diff line change
`@@ -25,18 +25,19 @@`
`25`	`25`	`}`
`26`	`26`	`file{'/root/.my.cnf':`
`27`	`27`	`content => template('mysql/my.cnf.pass.erb'),`
	`28`	`+ mode => '0400',`
`28`	`29`	`}`
`29`	`30`	`if $etc_root_password {`
`30`	`31`	`file{'/etc/my.cnf':`
`31`	`32`	`content => template('mysql/my.cnf.pass.erb'),`
`32`	`33`	`require => Exec['set_mysql_rootpw'],`
	`34`	`+ mode => '0400',`
`33`	`35`	`}`
`34`	`36`	`}`
`35`	`37`	`}`
`36`	`38`	`File {`
`37`	`39`	`owner => 'root',`
`38`	`40`	`group => 'root',`
`39`		`- mode => '0400',`
`40`	`41`	`notify => Exec['mysqld-restart'],`
`41`	`42`	`require => Package['mysql-server']`
`42`	`43`	`}`