Trusted cert file permissions being changed during reconfigure
While I've been installing gitlab a few times today a I have just noticed that something is changing the file permissions for a certificate installed into /etc/gitlab/trusted-certs to be 0755 which seem a bit odd.
/etc/gitlab $ ls -al trusted-certs/
total 4
drwxr-xr-x 2 root root 42 Nov 9 17:37 .
drwxrwxr-x 4 root root 105 Nov 9 17:34 ..
lrwxrwxrwx 1 root root 12 Nov 9 17:37 b3e1d9ed.0 -> lds-root.crt
-rwxr-xr-x 1 root root 2024 Oct 18 13:50 lds-root.crt
I'm sure the file was 0644 when I put it into that folder, and searching the reconfigure logs shows the following entries:
cloud@gitlab4:/var/log/gitlab/reconfigure> grep -i trusted-certs *
1510246225.log:[2017-11-09T16:50:34+00:00] INFO: directory[/etc/gitlab/trusted-certs] mode changed to 755
Which would make sense for the folder but not for the cert usually (the nginx ssl cert permissions aren't changed for example).
Should the cert files really be 0755? If not what is changing them, I think it may be https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/add_trusted_certs.rb#L18 which is recursively changing permissions to 0755 but that doesn't seem right.