Kubernetes configuration file is group/world-readable

[rVlad]

Hello. Recently I've ran the following command

Code:

chmod a+r /etc/rancher/k3s/k3s.yaml 

hoping to be able to create a SMB share with the apps folder but after that I discovered that I created an issue. Now I get the following error whenever I try to update any of the apps.

Code:

[EFAULT] Failed to upgrade chart release: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/rancher/k3s/k3s.yaml 

After a quick search got the first part sorted by removing the read permissions with

Code:

 chmod go-r /etc/rancher/k3s/k3s.yaml

but now I get the following error for Emby for example :

Code:

[EFAULT] Failed to upgrade chart release: Error: UPGRADE FAILED: template: emby/templates/common.yaml:1:3: executing "emby/templates/common.yaml" at : error calling include: template: emby/charts/common/templates/loader/_all.tpl:6:6: executing "tc.v1.common.loader.all" at : error calling include: template: emby/charts/common/templates/loader/_apply.tpl:47:6: executing "tc.v1.common.loader.apply" at : error calling include: template: emby/charts/common/templates/spawner/_pvc.tpl:25:10: executing "tc.v1.common.spawner.pvc" at : error calling include: template: emby/charts/common/templates/lib/storage/_validation.tpl:18:43: executing "tc.v1.common.lib.persistence.validation" at <$objectData.static.mode>: nil pointer evaluating interface {}.mode 

Any ideas? If any other info is needed please let me know.

 

[sretalla]

Looks to me like the permissions listed on an un-modified version:

Code:

root@scale2[~]# ls -l /etc/rancher/k3s/k3s.yaml
-rw------- 1 root root 2961 Nov  6 16:01 /etc/rancher/k3s/k3s.yaml

Have Owner with rw and nothing else... looks like 600 to me:

chmod 600 /etc/rancher/k3s/k3s.yaml

should fix that.

 

[rVlad]

Looks to me like the permissions listed on an un-modified version:

Code:

root@scale2[~]# ls -l /etc/rancher/k3s/k3s.yaml
-rw------- 1 root root 2961 Nov  6 16:01 /etc/rancher/k3s/k3s.yaml

Have Owner with rw and nothing else... looks like 600 to me:

chmod 600 /etc/rancher/k3s/k3s.yaml

should fix that.

Ran the command but still get this error.

Code:

Error: [EFAULT] Failed to upgrade chart release: Error: UPGRADE FAILED: template: emby/templates/common.yaml:1:3: executing "emby/templates/common.yaml" at < include "tc.v1.common.loader.all" . >: error calling include: template: emby/charts/common/templates/loader/_all.tpl:6:6: executing "tc.v1.common.loader.all" at : error calling include: template: emby/charts/common/templates/loader/_apply.tpl:47:6: executing "tc.v1.common.loader.apply" at : error calling include: template: emby/charts/common/templates/spawner/_pvc.tpl:25:10: executing "tc.v1.common.spawner.pvc" at : error calling include: template: emby/charts/common/templates/lib/storage/_validation.tpl:18:43: executing "tc.v1.common.lib.persistence.validation" at <$objectData.static.mode>: nil pointer evaluating interface {}.mode

This is what I get.

Code:

root@truenas[~]# ls -l /etc/rancher/k3s/k3s.yaml       
-rwx------ 1 root root 2957 Dec 27 00:37 /etc/rancher/k3s/k3s.yaml