Check permissions on /var/rudder files, particularly modified-files
Critical - prevents main use of Rudder | no workaround | data loss | security
Operational - other Techniques | Technique editor | Rudder settings
Modified files have the permission of the modified files, which can lead to be world-readable as the folder itself is 755.
For example, if I edit a 644 file in a 700 directory, it will be 644 in the modified-files, and accessible to everybody. There should be no need for modified-files to be world-readable, and we should enforce 700 for it.