[Bug 1869132] Re: [focal] /etc/keystone owned by root

Corey Bryant corey.bryant at canonical.com
Thu Mar 26 15:30:02 UTC 2020


This looks mostly correct with what we're doing via LP: #1859422,
specifically:

find /etc/<pkg> -exec chown root:<pkg> "{}" +
find /etc/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +

I think the /etc/keystone/policy.d directory is created by the charm and
the permissions are very lenient but I think the 750 directory
permissions should prevent "other" from accessing anything in
/etc/keystone (should test that).

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1869132

Title:
  [focal] /etc/keystone owned by root

Status in keystone package in Ubuntu:
  New

Bug description:
  root@juju-c9e7e0-4:/etc# dpkg -l keystone
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name           Version                                      Architecture Description
  +++-==============-============================================-============-====================================
  ii  keystone       2:17.0.0~b3~git2020032415.9f9040257-0ubuntu1 all          OpenStack identity service - Daemons
  root@juju-c9e7e0-4:/etc# ls -ld /etc
  drwxr-xr-x 82 root root 154 Mar 26 06:51 /etc
  root@juju-c9e7e0-4:/etc# ls -ld /etc/keystone
  drwxr-x--- 3 root keystone 8 Mar 26 06:51 /etc/keystone
  root@juju-c9e7e0-4:/etc# ls -l /etc/keystone
  total 215
  -rw-r----- 1 root     keystone   2303 Mar 24 19:01 default_catalog.templates
  -rw-r----- 1 root     keystone 104730 Mar 24 19:02 keystone.conf
  -rw-r----- 1 root     keystone  96670 Mar 24 19:02 keystone.policy.yaml
  -rw-r----- 1 root     keystone   1046 Mar 24 19:02 logging.conf
  drwxrwxr-x 2 keystone keystone      2 Mar 26 06:51 policy.d
  -rw-r----- 1 root     keystone    665 Mar 24 19:01 sso_callback_template.html
  root@juju-c9e7e0-4:/etc#

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/1869132/+subscriptions
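
Added example (not part of the original message or of the Ubuntu packaging): one way to run the check the message leaves as "should test that", deciding from mode bits whether "other" can reach an entry below a 0750 parent when a child such as policy.d is 0775. The sample tree, the file extra.yaml and all function names are constructed for illustration; GNU stat and find are assumed, and directories above the audited root are assumed traversable.

```shell
#!/usr/bin/env bash
# Added example. Judges access from mode bits only (no ACLs, no ownership),
# so it needs no root and no chown. Assumes GNU stat/find, as on Ubuntu.

# Constructed tree mirroring the listing: parent 0750, files 0640,
# policy.d 0775. extra.yaml is a hypothetical file, not from the bug report.
make_sample_tree() {
    local t
    t=$(mktemp -d)/keystone
    mkdir -p "$t/policy.d"
    touch "$t/keystone.conf" "$t/policy.d/extra.yaml"
    chmod 0640 "$t/keystone.conf"
    chmod 0664 "$t/policy.d/extra.yaml"
    chmod 0775 "$t/policy.d"
    chmod 0750 "$t"
    echo "$t"
}

# The chmod half of the packaging commands quoted in the message.
apply_modes() {
    find "$1" -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
}

# Entries that grant any permission bit to "other", reachable or not.
lenient_entries() { find "$1" -perm /007; }

# Low three mode bits (the "other" class) of a path, as a decimal number.
other_bits() { echo $(( 8#$(stat -c '%a' "$1") & 7 )); }

# other_can_reach ROOT TARGET: exit 0 if "other" could open TARGET, i.e. every
# directory from ROOT down to TARGET's parent has o+x and TARGET has o+r
# (file) or o+x (directory). Exit 1 if blocked, 2 if TARGET is not under ROOT.
other_can_reach() {
    local cur=${1%/} target=$2 rest bits
    rest=${target#"$cur"}; rest=${rest#/}
    while [ "$cur" != "$target" ]; do
        [ -n "$rest" ] || return 2
        [ $(( $(other_bits "$cur") & 1 )) -ne 0 ] || return 1
        cur=$cur/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    bits=$(other_bits "$cur")
    if [ -d "$cur" ]; then [ $(( bits & 1 )) -ne 0 ]; else [ $(( bits & 4 )) -ne 0 ]; fi
}
```

On the constructed tree, lenient_entries still lists policy.d and extra.yaml while other_can_reach reports them blocked by the 0750 parent, which is the distinction between "lenient" and "exposed" that the message is asking about.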