Reputation: 7545
Looking in /var/lib/jenkins on a relatively fresh install, I notice some file permissions that are, well, scary:
-rw-r--r-- 1 jenkins jenkins 7285 Apr 29 13:29 config.xml
-rw-r--r-- 1 jenkins jenkins 4008 Apr 28 21:04 credentials.xml
-rw-r--r-- 1 jenkins jenkins 64 Apr 28 13:57 secret.key
And in /var/lib/jenkins/secrets:
-rw-r--r-- 1 jenkins jenkins 272 Apr 28 15:08 hudson.console.AnnotatedLargeText.consoleAnnotator
-rw-r--r-- 1 jenkins jenkins 32 Apr 28 15:08 hudson.model.Job.serverCookie
-rw-r--r-- 1 jenkins jenkins 272 Apr 28 14:25 hudson.util.Secret
-rw-r--r-- 1 jenkins jenkins 32 Apr 28 13:57 jenkins.model.Jenkins.crumbSalt
-rw-r--r-- 1 jenkins jenkins 48 Apr 28 14:25 jenkins.security.ApiTokenProperty.seed
-rw-r--r-- 1 jenkins jenkins 256 Apr 28 13:57 master.key
-rw-r--r-- 1 jenkins jenkins 272 Apr 28 13:57 org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY
-rw-r--r-- 1 jenkins jenkins 5 Apr 29 13:29 slave-to-master-security-kill-switch
I'm thinking all these files should be set to mode 600 with owner jenkins, but I'm not sure if I'm being paranoid. Is there some reason why the maintainers haven't locked these files down more? Is there some other well-protected master key that makes these files by themselves less valuable?
Upvotes: 2
Views: 1187
Reputation: 2525
The above permissions seem standard across all Jenkins. Changing the permissions has messed up the setup for me in the past.
Upvotes: 1
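A read-only audit of the situation in the question, as an added example that is not from either poster or from the Jenkins project: it reports which of the listed files are readable by group or other, and whether the enclosing directories can be entered by them, without changing any modes. The function names and the sample tree are constructed for illustration; the file names are the ones in the listing above.

```shell
#!/bin/sh
# Added example, not Jenkins tooling. File names are taken from the listing in
# the question; the Jenkins home path is passed in (e.g. /var/lib/jenkins).

# Print each listed file that group or other can read (mode bits 040 or 004).
audit_secret_files() {
    home=$1
    for f in config.xml credentials.xml secret.key secrets; do
        if [ -e "$home/$f" ]; then
            find "$home/$f" -type f \( -perm -040 -o -perm -004 \) -print
        fi
    done
}

# Print the home and secrets directories if group or other can enter them.
# A file's own mode only matters to users who can traverse its parent dirs.
audit_open_dirs() {
    home=$1
    for d in "$home" "$home/secrets"; do
        if [ -d "$d" ]; then
            find "$d" -prune \( -perm -010 -o -perm -001 \) -print
        fi
    done
}

# Constructed sample tree: files at 644 as in the listing, one already at 600.
make_sample_home() {
    s=$(mktemp -d) || return 1
    mkdir -p "$s/secrets"
    : > "$s/credentials.xml"; : > "$s/secret.key"
    : > "$s/secrets/master.key"; : > "$s/secrets/hudson.util.Secret"
    chmod 644 "$s/credentials.xml" "$s/secret.key" "$s/secrets/master.key"
    chmod 600 "$s/secrets/hudson.util.Secret"
    chmod 755 "$s" "$s/secrets"
    printf '%s\n' "$s"
}

# Demo on the constructed tree (never touches a real Jenkins home).
sample=$(make_sample_home)
echo "Files readable by group/other:";  audit_secret_files "$sample"
echo "Directories open to group/other:"; audit_open_dirs "$sample"
rm -rf "$sample"
```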