[Bug 900553] [NEW] Any user can manage the keystone database via keystone-manage
Launchpad Bug Tracker
900553@bugs.launchpad.net
Tue Dec 6 06:50:07 UTC 2011
You have been subscribed to a public bug by Adam Gandelman (gandelman-a):
Using keystone against an external mysql database, users have access to
manage the keystone database, i.e.:

  ubuntu@ip-10-12-14-3:~$ keystone-manage user add tester p@ssword
  ubuntu@ip-10-12-14-3:~$ keystone-manage role add Admin
  ubuntu@ip-10-12-14-3:~$ keystone-manage role grant Admin tester

Permissions on either /usr/bin/keystone-manage or
/etc/keystone/keystone.conf need to be tightened. I believe this is not
an issue with the default package installation since keystone defaults
to /var/lib/keystone/keystone.db as its backing store, which is owned
0755 by user keystone (perhaps this should also be restricted to 0600?)
** Affects: keystone (Ubuntu)
Importance: Undecided
Status: New
--
Any user can manage the keystone database via keystone-manage
https://bugs.launchpad.net/bugs/900553
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
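
An added check for the condition this report describes (not part of the original bug report or the keystone package): it flags the keystone files named above when they carry permission bits beyond a stated maximum. It assumes GNU `stat`; the helper names `too_open` and `audit_perms` are hypothetical, and the 600 target for keystone.conf is an assumption borrowed from the mode the report suggests for keystone.db.

```shell
#!/bin/sh
# Added example, not from the bug report or the keystone package.
# Assumes GNU coreutils stat (as on the Ubuntu host in the report).
# too_open and audit_perms are hypothetical helper names.

# too_open PATH MAX: succeed when PATH has any permission bit set
# that the octal mode MAX does not allow.
too_open() {
    to_mode=$(stat -c '%a' "$1") || return 2
    # Leading 0 makes the shell read both values as octal.
    to_excess=$(( 0$to_mode & ~0$2 & 07777 ))
    [ "$to_excess" -ne 0 ]
}

# audit_perms PATH=MAX...: print one line per file that is more
# permissive than MAX; return 1 if any was found, 0 otherwise.
audit_perms() {
    ap_rc=0
    for ap_spec in "$@"; do
        ap_path=${ap_spec%=*}
        ap_max=${ap_spec##*=}
        [ -e "$ap_path" ] || continue   # not installed here: skip
        if too_open "$ap_path" "$ap_max"; then
            printf 'TOO OPEN: %s is %s, expected at most %s\n' \
                "$ap_path" "$(stat -c '%a %U:%G' "$ap_path")" "$ap_max"
            ap_rc=1
        fi
    done
    return "$ap_rc"
}

# Paths are the two named in the report. 600 for keystone.db is the mode
# the report suggests; 600 for keystone.conf is an assumption.
audit_perms /etc/keystone/keystone.conf=600 \
            /var/lib/keystone/keystone.db=600 ||
    echo 'tighten the modes listed above' >&2
```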