[Bug 900553] [NEW] Any user can manage the keystone database via keystone-manage
Adam Gandelman
900553 at bugs.launchpad.net
Tue Dec 6 01:09:48 UTC 2011
Public bug reported:
Using keystone against an external mysql database, users have access to
manage the keystone database, ie:
ubuntu at ip-10-12-14-3:~$ keystone-manage user add tester p at ssword
ubuntu at ip-10-12-14-3:~$ keystone-manage role add Admin
ubuntu at ip-10-12-14-3:~$ keystone-manage role grant Admin tester
Permissions on either /usr/bin/keystone-manage or
/etc/keystone/keystone.conf need to be tightened. I believe this is not
an issue with the default package installation since keystone defaults
to /var/lib/keystone/keystone.db as its backing store, which is owned
0755 by user keystone (perhaps this should also be restricted to 0600?)
** Affects: keystone (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/900553
Title:
Any user can manage the keystone database via keystone-manage
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/900553/+subscriptions
More information about the Ubuntu-server-bugs
mailing list