- Type: Bug
- Resolution: Fixed
- Priority: Low
- Affects Version/s: None
- Component/s: Database - Migration, Enterprise
The stash-config.properties file contains sensitive information, like SQL credentials, in plain text. The contents of the file should not be world-readable.
Stash uses the default file permissions of the running user for all the files it creates. For a zip/tar.gz install of Stash, it is up to the administrator to configure the run user correctly. However, the Linux installer automatically creates the atlstash user. The installer should ensure the stash-config.properties file is not world-readable.
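The effect described above, as an added example that is not part of the original report or of the Stash installer: a file created under a common default umask comes out world-readable, and can be corrected either after creation or by a restrictive umask at creation time. The temporary directory, the property line and the 600 target mode are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. The file name comes from the report; the directory, the
# property line and the 600 target mode are assumptions made for this demo.

# Exit 0 if the "other" read bit is set on $1 (mode test, not an access test).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Create $2 the way a process running with umask $1 would create it.
create_with_umask() {
    ( umask "$1" && printf 'example.password=constructed-secret\n' > "$2" )
}

# Restrict an existing file to owner read/write only.
harden_config() {
    chmod 600 "$1"
}

# Report the state of $1; return 1 when world-readable, 2 when missing.
audit_config() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 2; }
    if is_world_readable "$1"; then
        echo "FAIL: $1 is world-readable"
        return 1
    fi
    echo "OK: $1 is not world-readable"
}

demo() {
    dir=$(mktemp -d) || return 1
    cfg="$dir/stash-config.properties"

    create_with_umask 022 "$cfg"     # common default umask: file gets 0644
    audit_config "$cfg" || :         # FAIL
    harden_config "$cfg"             # fix after the fact
    audit_config "$cfg"              # OK

    rm -f "$cfg"
    create_with_umask 077 "$cfg"     # restrictive umask: file gets 0600 at creation
    audit_config "$cfg"              # OK
    rm -rf "$dir"
}

demo
```

To check a real installation, call `audit_config` with the path to the stash-config.properties file in the Stash home directory.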