https://github.com/William-Yeh/ansible-prometheus/blob/master/tasks/main.yml#L34
makes the /opt/prometheus directory mode 750 and owned by user prometheus, which is exactly the wrong thing to do. The files must be owned by root so that, in the case of compromise of any service running as user prometheus, the attacker (running as user prometheus) cannot modify any part of /opt/prometheus.
Please fix this security issue. Thank you very much.
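The ownership rule requested above can be checked mechanically. The following is an added example, not code from this issue or from the ansible-prometheus role: it walks an install tree and reports every path a given service account could modify. The function names are hypothetical, and the demo uses a constructed temporary tree standing in for /opt/prometheus so it runs without root.

```python
import os
import stat
import tempfile

def modifiable_by(st, uid, gids):
    """Return why the account (uid, gids) could modify this inode, or None."""
    if st.st_uid == uid:
        # The owner can always chmod the inode, so restrictive mode bits do not help.
        return "owned by service user"
    if st.st_gid in gids and st.st_mode & stat.S_IWGRP:
        return "group-writable by service group"
    # Symlinks report mode 0777 on Linux; their own mode bits are not enforced.
    if st.st_mode & stat.S_IWOTH and not stat.S_ISLNK(st.st_mode):
        return "world-writable"
    return None

def audit_tree(root, uid, gids):
    """Walk root without following symlinks; return sorted (path, reason) findings."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    findings = []
    for path in paths:
        reason = modifiable_by(os.lstat(path), uid, gids)
        if reason:
            findings.append((path, reason))
    return sorted(findings)

def demo():
    """Constructed tree: the current user plays the service account that owns it."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as top:
        install = os.path.join(top, "prometheus")   # stands in for /opt/prometheus
        os.mkdir(install, 0o750)
        binary = os.path.join(install, "prometheus")
        with open(binary, "w") as handle:
            handle.write("placeholder")
        os.chmod(binary, 0o755)
        # Tree owned by the audited account: every path is a finding.
        owner_view = audit_tree(install, me, set())
        # Same tree audited for a different, unrelated account: nothing is writable.
        other_view = audit_tree(install, me + 1, set())
        return [(os.path.relpath(p, top), r) for p, r in owner_view], other_view

if __name__ == "__main__":
    for view in demo():
        print(view)
```

On a real host, pass the service account's uid and group ids (for example from `pwd.getpwnam` and `os.getgrouplist`) and the install path; an empty result means the account cannot alter anything in the tree.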