/var/log/percona too permissive

[NielsH]

Hello,

We have noticed that /var/log/percona is very permissive (chmod 777) and the log files inside that directory, being mode 644, are world-readable.
This happens on our Debian 12 servers through the postinst script:

#!/bin/sh


mkdir -p /var/log/percona
chmod -R go+w /var/log/percona
systemctl daemon-reload
systemctl enable percona-telemetry-agent.service || true
systemctl start percona-telemetry-agent.service

[...]

I noticed that the postinst script in this repo is different ( https://github.com/percona/telemetry-agent/blob/main/packaging/debian/postinst ) - so I am wondering if perhaps the Debian repo wasn't updated with the new build?

We are using this version, which appears to be the latest version available on the Percona repository:

percona-telemetry-agent:
  Installed: 1.0.1-1.bookworm
  Candidate: 1.0.1-1.bookworm
  Version table:
 *** 1.0.1-1.bookworm 500
        500 http://repo.percona.com/ps-80/apt bookworm/main amd64 Packages
        100 /var/lib/dpkg/status

Could you let me know if this is something we should change on our side or if it is something that can be fixed in the repository? Or is it considered not an issue?

Cheers!
Niels