I think we should follow bug 1458915 principles and remove any POSIX user/group control. So all modules are consistent among which other This hardening actions should be reported to specific package mantainers.
On Wed, Sep 23, 2015 at 6:10 PM, Alex Schultz <aschu...@mirantis.com> wrote: > On Wed, Sep 23, 2015 at 2:32 PM, Alex Schultz <aschu...@mirantis.com> > wrote: > > Hey all, > > > > So as part of the Puppet mid-cycle, we did bug triage. One of the > > bugs that was looked into was bug 1289631[0]. This bug is about > > applying the recommendations from the security guide[1] within the > > puppet-swift module. So I'm sending a note out to get other feedback > > on if this is a good idea or not. Should we be applying this type of > > security items within the puppet modules by default? Should we make > > this optional? Thoughts? > > > > > > Thanks, > > -Alex > > > > > > [0] https://bugs.launchpad.net/puppet-swift/+bug/1289631 > > [1] > http://docs.openstack.org/security-guide/object-storage.html#securing-services-general > > Also for the puppet side of this conversation, the change for the > security items[0] also seems to conflict with bug 1458915[1] which is > about removing the posix users/groups/file modes. So which direction > should we go? > > [0] https://review.openstack.org/#/c/219883/ > [1] https://bugs.launchpad.net/puppet-swift/+bug/1458915 > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- *guilherme* \n \t *maluf*
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev