** Description changed: + [Impact] + Default configuration file permissions may allow read by unprivileged users other than the package system account. + + [Test Case] + + + [Regression Potential] + + [Original Bug Report] Example given by CPE: Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, horizon:horizon Permssions for /etc/cinder/ are too loose (750). Should be 700, cinder:cinder Permssions for /etc/glance/ are too loose (755). Should be 700, glance:glance Permssions for /etc/heat/ are too loose (750). Should be 700, heat:heat Permssions for /etc/ceilometer/ are too loose (755). Should be 700, ceilometer:ceilometer - Will leave for you to evaluate best permissions.
** Description changed: [Impact] Default configuration file permissions may allow read by unprivileged users other than the package system account. [Test Case] + sudo apt install <pkg>-common + ls -l /etc/<pkg> + a) folder will be readable b) files may be readable [Regression Potential] [Original Bug Report] Example given by CPE: Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, horizon:horizon Permssions for /etc/cinder/ are too loose (750). Should be 700, cinder:cinder Permssions for /etc/glance/ are too loose (755). Should be 700, glance:glance Permssions for /etc/heat/ are too loose (750). Should be 700, heat:heat Permssions for /etc/ceilometer/ are too loose (755). Should be 700, ceilometer:ceilometer Will leave for you to evaluate best permissions. ** Description changed: [Impact] Default configuration file permissions may allow read by unprivileged users other than the package system account. [Test Case] sudo apt install <pkg>-common ls -l /etc/<pkg> - a) folder will be readable b) files may be readable - + a) folder may be readable b) files may be readable [Regression Potential] + [Original Bug Report] Example given by CPE: Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, horizon:horizon Permssions for /etc/cinder/ are too loose (750). Should be 700, cinder:cinder Permssions for /etc/glance/ are too loose (755). Should be 700, glance:glance Permssions for /etc/heat/ are too loose (750). Should be 700, heat:heat Permssions for /etc/ceilometer/ are too loose (755). Should be 700, ceilometer:ceilometer Will leave for you to evaluate best permissions. ** Description changed: [Impact] Default configuration file permissions may allow read by unprivileged users other than the package system account. [Test Case] sudo apt install <pkg>-common ls -l /etc/<pkg> a) folder may be readable b) files may be readable [Regression Potential] + Medium; if a openstack daemon can't read its config files, it won't startup; however most packages are covered by DEP-8 tests and we'll test + a full OpenStack deployment using the normal SRU testing process: + https://wiki.ubuntu.com/OpenStack/StableReleaseUpdates [Original Bug Report] Example given by CPE: Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, horizon:horizon Permssions for /etc/cinder/ are too loose (750). Should be 700, cinder:cinder Permssions for /etc/glance/ are too loose (755). Should be 700, glance:glance Permssions for /etc/heat/ are too loose (750). Should be 700, heat:heat Permssions for /etc/ceilometer/ are too loose (755). Should be 700, ceilometer:ceilometer Will leave for you to evaluate best permissions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1675088 Title: Restrict permissions on Openstack installation To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs