[Bug 1675088] Re: Restrict permissions on Openstack installation

2020-01-13 Thread James Page 
** Also affects: aodh (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: aodh (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2020-01-13 Thread James Page 
Missed:

chmod 0750 /var/lib/aodh

in #24

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2019-12-11 Thread James Page 
Scoping any further remediation work for 20.04 cycle.

Permissions snippet from postinst should look something like:


chown -R aodh:adm /var/log/aodh
chmod 0750 /var/log/aodh
chown -R root:aodh /etc/aodh
chmod 0750 /etc/aodh
chown -R aodh:aodh /var/lib/aodh

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-14 Thread Corey Bryant 
This bug was fixed in the package glance - 2:14.0.1-0ubuntu1~cloud0
---

 glance (2:14.0.1-0ubuntu1~cloud0) xenial-ocata; urgency=medium
 .
   [ Chuck Short ]
   * d/glance-common.postinst: Make sure the permissions on /etc/glance is
 set to 0700. (LP: #1675088)
 .
   [ Corey Bryant ]
   * New stable point release for OpenStack Ocata (LP: #1759855).
   * d/glance-common.postinst: Fix permissions on /etc/glance so that
 the glance user can actually access the directory (LP: #1675088).


** Changed in: cloud-archive/ocata
   Status: Fix Committed => Fix Released

** Changed in: cloud-archive
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-11 Thread Corey Bryant 
Testing has completed successfully for glance in ocata-proposed:

root@x1:~# ls -al /etc/glance/
total 28
drwxr-x---  3 root glance 4096 May 11 17:49 .

And ocata-proposed regression tests passed:

==
Totals
==
Ran: 102 tests in 1806.1829 sec.
 - Passed: 94
 - Skipped: 8
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 1104.3589 sec.


** Tags removed: verification-ocata-needed
** Tags added: verification-ocata-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-10 Thread Corey Bryant 
Marking Zesty as Won't Fix since it is no longer supported.

** Changed in: horizon (Ubuntu Zesty)
   Status: Triaged => Won't Fix

** Changed in: horizon (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-10 Thread Corey Bryant 
This was fixed since Ocata rather than Zesty/Ocata for horizon.
Nonetheless it's fixed in all new horizon releases since Ocata.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-10 Thread Corey Bryant 
Marking horizon (Ubuntu) as Fix Released as this is fixed since
Zesty/Ocata.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-01 Thread Corey Bryant 
horizon was fix-released in 3:12.0.0~b1-0ubuntu1 for artful/pike.

** Changed in: horizon (Ubuntu Artful)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2018-05-01 Thread Corey Bryant 
heat is fix-released for pike cloud-archive

** Also affects: cloud-archive/ocata
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/pike
   Importance: Undecided
   Status: New

** Changed in: cloud-archive/pike
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-07-17 Thread Launchpad Bug Tracker 
This bug was fixed in the package heat - 1:8.0.1-0ubuntu1

---
heat (1:8.0.1-0ubuntu1) zesty; urgency=medium

  [ Chuck Short ]
  * d/heat-common.postinst: Make sure that /etc/heat has the appropriate
permissions (LP: #1675088).

  [ James Page ]
  * New upstream stable release for OpenStack Ocata (LP: #1696139).

 -- James Page   Wed, 07 Jun 2017 16:02:28 +0100

** Changed in: heat (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-07-04 Thread James Page 
(NOTE that heat also forms part of the functional testing done for the
8.0.1 point release that this fix was included with).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-07-04 Thread James Page 
# ls -l /etc | grep heat
drwx-- 3 heat heat   6 Jul  4 15:46 heat

# apt-cache policy heat-common
heat-common:
  Installed: 1:8.0.1-0ubuntu1
  Candidate: 1:8.0.1-0ubuntu1
  Version table:
 *** 1:8.0.1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
 1:8.0.0-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages


** Tags removed: verification-needed
** Tags added: verification-done-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-06-16 Thread Andy Whitcroft 
Hello Joseph, or anyone else affected,

Accepted heat into zesty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/heat/1:8.0.1-0ubuntu1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: heat (Ubuntu Zesty)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-06-15 Thread Launchpad Bug Tracker 
This bug was fixed in the package heat - 1:9.0.0~b1-0ubuntu2

---
heat (1:9.0.0~b1-0ubuntu2) artful; urgency=medium

  * No-change rebuild for sqlalchemy 1.1.x.

 -- James Page   Fri, 28 Apr 2017 10:04:45 +0100

** Changed in: heat (Ubuntu Artful)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-06-07 Thread James Page 
** Description changed:

+ [Impact]
+ Default configuration file permissions may allow read by unprivileged users 
other than the package system account.
+ 
+ [Test Case]
+ 
+ 
+ [Regression Potential]
+ 
+ [Original Bug Report]
  Example given by CPE:
  
  Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, 
horizon:horizon
  Permssions for /etc/cinder/ are too loose (750).  Should be 700, cinder:cinder
  Permssions for /etc/glance/ are too loose (755).  Should be 700, glance:glance
  Permssions for /etc/heat/ are too loose (750).  Should be 700, heat:heat
  Permssions for /etc/ceilometer/ are too loose (755).  Should be 700, 
ceilometer:ceilometer
  
- 
  Will leave for you to evaluate best permissions.

** Description changed:

  [Impact]
  Default configuration file permissions may allow read by unprivileged users 
other than the package system account.
  
  [Test Case]
+ sudo apt install -common
+ ls -l /etc/
+ a) folder will be readable b) files may be readable
  
  
  [Regression Potential]
  
  [Original Bug Report]
  Example given by CPE:
  
  Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, 
horizon:horizon
  Permssions for /etc/cinder/ are too loose (750).  Should be 700, cinder:cinder
  Permssions for /etc/glance/ are too loose (755).  Should be 700, glance:glance
  Permssions for /etc/heat/ are too loose (750).  Should be 700, heat:heat
  Permssions for /etc/ceilometer/ are too loose (755).  Should be 700, 
ceilometer:ceilometer
  
  Will leave for you to evaluate best permissions.

** Description changed:

  [Impact]
  Default configuration file permissions may allow read by unprivileged users 
other than the package system account.
  
  [Test Case]
  sudo apt install -common
  ls -l /etc/
- a) folder will be readable b) files may be readable
- 
+ a) folder may be readable b) files may be readable
  
  [Regression Potential]
+ 
  
  [Original Bug Report]
  Example given by CPE:
  
  Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, 
horizon:horizon
  Permssions for /etc/cinder/ are too loose (750).  Should be 700, cinder:cinder
  Permssions for /etc/glance/ are too loose (755).  Should be 700, glance:glance
  Permssions for /etc/heat/ are too loose (750).  Should be 700, heat:heat
  Permssions for /etc/ceilometer/ are too loose (755).  Should be 700, 
ceilometer:ceilometer
  
  Will leave for you to evaluate best permissions.

** Description changed:

  [Impact]
  Default configuration file permissions may allow read by unprivileged users 
other than the package system account.
  
  [Test Case]
  sudo apt install -common
  ls -l /etc/
  a) folder may be readable b) files may be readable
  
  [Regression Potential]
+ Medium; if a openstack daemon can't read its config files, it won't startup; 
however most packages are covered by DEP-8 tests and we'll test
+ a full OpenStack deployment using the normal SRU testing process:
  
+ https://wiki.ubuntu.com/OpenStack/StableReleaseUpdates
  
  [Original Bug Report]
  Example given by CPE:
  
  Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, 
horizon:horizon
  Permssions for /etc/cinder/ are too loose (750).  Should be 700, cinder:cinder
  Permssions for /etc/glance/ are too loose (755).  Should be 700, glance:glance
  Permssions for /etc/heat/ are too loose (750).  Should be 700, heat:heat
  Permssions for /etc/ceilometer/ are too loose (755).  Should be 700, 
ceilometer:ceilometer
  
  Will leave for you to evaluate best permissions.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-06-07 Thread James Page 
heat fix is stuck in artful-proposed (Marked Fix Committed).

** Also affects: heat (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: heat (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: heat (Ubuntu Artful)
   Status: New => Fix Committed

** Changed in: heat (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: heat (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: heat (Ubuntu Zesty)
   Status: New => In Progress

** Also affects: horizon (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: horizon (Ubuntu Artful)
   Status: New => Fix Committed

** Changed in: horizon (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: horizon (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: horizon (Ubuntu Zesty)
   Status: New => Triaged

** Changed in: horizon (Ubuntu Zesty)
   Status: Triaged => In Progress

** Changed in: horizon (Ubuntu Zesty)
   Status: In Progress => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1675088] Re: Restrict permissions on Openstack installation

2017-04-24 Thread James Page 
** Also affects: heat (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675088

Title:
  Restrict permissions on Openstack installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs