From 1c8916d28ac1c1a2ca31b037f74443532eabe5c5 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 21 Apr 2026 12:19:25 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20edge-control:=20audit=20log=20silently?=
 =?UTF-8?q?=20never=20writes=20=E2=80=94=20file=20mode=200640=20+=20group?=
 =?UTF-8?q?=20disinto-register=20denies=20the=20writer=20(#1109)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change log file mode from 0640 to 0660 so the disinto-register group
(which the writer runs under) has write permission. Apply the same fix
to the logrotate create directive so rotated files remain writable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 tools/edge-control/install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/edge-control/install.sh b/tools/edge-control/install.sh
index cf21456..384e70b 100755
--- a/tools/edge-control/install.sh
+++ b/tools/edge-control/install.sh
@@ -181,7 +181,7 @@ chmod 0750 "$LOG_DIR"
 
 # Touch the log file so it exists from day one
 touch "$LOG_FILE"
-chmod 0640 "$LOG_FILE"
+chmod 0660 "$LOG_FILE"
 chown root:disinto-register "$LOG_FILE"
 
 # Install logrotate config (daily rotation, 30 days retention)
@@ -194,7 +194,7 @@ ${LOG_FILE} {
     delaycompress
     missingok
     notifempty
-    create 0640 root disinto-register
+    create 0660 root disinto-register
     copytruncate
 }
 EOF
-- 
2.49.1