[Bug 1859422] Re: security: default ownership and permissions
Launchpad Bug Tracker
1859422 at bugs.launchpad.net
Thu Mar 26 22:36:55 UTC 2020
This bug was fixed in the package mistral - 10.0.0~b3~git2020032611
.8a5d35ac-0ubuntu1
---------------
mistral (10.0.0~b3~git2020032611.8a5d35ac-0ubuntu1) focal; urgency=medium
* New upstream snapshot for OpenStack Ussuri.
* d/control: Align (Build-)Depends with upstream.
* d/mistral-common.postinst.in: Set default ownership and permissions
for /etc/<pkg>, /var/lib/<pkg>, and /var/log/<pkg> (LP: #1859422).
* d/p/skip-test.patch: Dropped. No longer needed.
-- Corey Bryant <corey.bryant at canonical.com> Thu, 26 Mar 2020 11:34:22
-0400
** Changed in: mistral (Ubuntu)
Status: Triaged => Fix Released
** Changed in: murano (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1859422
Title:
security: default ownership and permissions
Status in aodh package in Ubuntu:
Fix Released
Status in barbican package in Ubuntu:
Fix Released
Status in cinder package in Ubuntu:
Triaged
Status in designate package in Ubuntu:
Fix Released
Status in glance package in Ubuntu:
Triaged
Status in gnocchi package in Ubuntu:
Triaged
Status in heat package in Ubuntu:
Fix Released
Status in ironic package in Ubuntu:
Fix Released
Status in keystone package in Ubuntu:
Fix Released
Status in manila package in Ubuntu:
Fix Released
Status in masakari package in Ubuntu:
Triaged
Status in masakari-monitors package in Ubuntu:
Fix Released
Status in mistral package in Ubuntu:
Fix Released
Status in murano package in Ubuntu:
Fix Released
Status in murano-agent package in Ubuntu:
Triaged
Status in neutron package in Ubuntu:
Fix Released
Status in nova package in Ubuntu:
Triaged
Status in octavia package in Ubuntu:
Triaged
Status in openstack-trove package in Ubuntu:
Fix Released
Status in placement package in Ubuntu:
Fix Released
Status in python-glance-store package in Ubuntu:
Triaged
Status in sahara package in Ubuntu:
Fix Released
Status in senlin package in Ubuntu:
Triaged
Status in swift package in Ubuntu:
Triaged
Status in watcher package in Ubuntu:
Fix Released
Status in zaqar package in Ubuntu:
Fix Released
Bug description:
Package should security directories and files as below:
chown <pkg>:adm /var/log/<pkg>
chmod 0750 /var/log/<pkg>
find /etc/<pkg> -exec chown root:<pkg> "{}" +
find /etc/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
# Optional rootwrap.d configuration files.
find /etc/<pkg>/rootwrap.d -exec chown root:root "{}" +
find /etc/<pkg>/rootwrap.d -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" +
chown <pkg>:<pkg> /var/lib/<pkg>
chmod 0750 /var/lib/<pkg>
For keystone, /etc/ files/directories should be owned by
keystone:keystone: https://docs.openstack.org/security-
guide/identity/checklist.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aodh/+bug/1859422/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list