[Bug 1820992] Re: Package installs files with loose permissions
Corey Bryant
corey.bryant at canonical.com
Wed Mar 20 15:17:55 UTC 2019
Here's an example of recent changes to designate to fix that up:
https://git.launchpad.net/~ubuntu-server-
dev/ubuntu/+source/designate/commit/?id=43ef5068e7a3e6ab831e7dfce15a69bcbeb89002
Note that sets /etc/desigate to 750 root:designate which should allow
for config files in that directory to get default 644 permissions.
** Changed in: keystone (Ubuntu)
Status: New => Triaged
** Changed in: keystone (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1820992
Title:
Package installs files with loose permissions
Status in OpenStack keystone charm:
New
Status in keystone package in Ubuntu:
Triaged
Bug description:
The OpenStack Security Guide [1] suggests that the listed files should
have permissions of 640 (or tighter), below are files delivered via
the package that differ from that recommendation:
- /etc/keystone/keystone.conf
- /etc/keystone/keystone-paste.ini
- /etc/keystone/logging.conf
[1]: https://docs.openstack.org/security-guide/identity/checklist.html
#check-identity-02-are-strict-permissions-set-for-identity-
configuration-files
This is on a fresh Bionic (Queens) package
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone/+bug/1820992/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list