Public bug reported:

Using keystone against an external MySQL database, users have access to
manage the keystone database, i.e.:

ubuntu@ip-10-12-14-3:~$ keystone-manage user add tester p@ssword
ubuntu@ip-10-12-14-3:~$ keystone-manage role add Admin
ubuntu@ip-10-12-14-3:~$ keystone-manage role grant Admin tester 

Permissions on either /usr/bin/keystone-manage or
/etc/keystone/keystone.conf need to be tightened.  I believe this is not
an issue with the default package installation since keystone defaults
to /var/lib/keystone/keystone.db as its backing store, which is owned
0755 by user keystone (perhaps this should also be restricted to 0600?)

** Affects: keystone (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/900553

Title:
  Any user can manage the keystone database via keystone-manage

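A permission audit for the two files named in the report, added here as an example; it is not code from the reporter or from the Ubuntu keystone package. The function names are hypothetical, and the `connection` / `sql_connection` key names used to detect an external database are an assumption about the config format.

```shell
# Added example: flag Keystone files that any local user can read or write.

# True if every "other" permission bit in $2 (e.g. 004) is set on path $1.
other_has() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# True if the config names a non-SQLite database URL. The key names
# "connection" / "sql_connection" are an assumption about the config format.
uses_external_db() {
    key='^[[:space:]]*(sql_)?connection[[:space:]]*=[[:space:]]*'
    grep -Eq "${key}[a-z+]+://" "$1" && ! grep -Eq "${key}sqlite:" "$1"
}

# Prints findings for one file; the return status is the number of findings.
audit_file() {
    f=$1 n=0
    [ -e "$f" ] || { echo "SKIP $f: not present"; return 0; }
    other_has "$f" 004 && { echo "FAIL $f: readable by any local user"; n=$((n + 1)); }
    other_has "$f" 002 && { echo "FAIL $f: writable by any local user"; n=$((n + 1)); }
    return "$n"
}

# Audits the config and the SQLite store; defaults are the paths in the report.
audit_keystone() {
    conf=${1:-/etc/keystone/keystone.conf}
    db=${2:-/var/lib/keystone/keystone.db}
    total=0
    for p in "$conf" "$db"; do
        audit_file "$p" || total=$((total + $?))
    done
    if other_has "$conf" 004 && uses_external_db "$conf"; then
        echo "FAIL $conf: world-readable and points at an external database"
        total=$((total + 1))
    fi
    return "$total"
}

# Demo on constructed files (the URL and its credentials are made up).
demo() {
    d=$(mktemp -d)
    printf 'connection = mysql://keystone:EXAMPLE@db.example/keystone\n' > "$d/keystone.conf"
    : > "$d/keystone.db"
    chmod 0644 "$d/keystone.conf"; chmod 0755 "$d/keystone.db"
    rc=0; audit_keystone "$d/keystone.conf" "$d/keystone.db" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

Run `audit_keystone` as root so the audit itself can read the config; the exit status is the number of findings.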