** Description changed: Package should security directories and files as below: chown <pkg>:adm /var/log/<pkg> chmod 0750 /var/log/<pkg> find /etc/<pkg> -exec chown root:<pkg> "{}" + find /etc/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" + # Optional rootwrap.d configuration files. find /etc/<pkg>/rootwrap.d -exec chown root:root "{}" + find /etc/<pkg>/rootwrap.d -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" + - chown <pkg>:<pkg> /var/lib/<pkg> - chmod 0750 /var/lib/<pkg> + find /var/lib/<pkg> -exec chown <pkg>:<pkg> "{}" + + find /var/lib/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" + For keystone, /etc/ files/directories should be owned by keystone:keystone: https://docs.openstack.org/security- guide/identity/checklist.html
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859422 Title: security: default ownership and permissions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aodh/+bug/1859422/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs