[Bug 1675088] Re: Restrict permissions on Openstack installation
James Page
james.page at ubuntu.com
Wed Mar 22 17:16:11 UTC 2017
As a general rule, directories and files should not be writeable as the
unpriviledged user, only be root, so the template should be:
root:<openstack-users-group>
0750 permissions
for example:
root:cinder
0750
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1675088
Title:
Restrict permissions on Openstack installation
Status in Ubuntu Cloud Archive:
Triaged
Bug description:
Example given by CPE:
Permssions for /etc/openstack-dashboard/ are too loose (755). Should be 700, horizon:horizon
Permssions for /etc/cinder/ are too loose (750). Should be 700, cinder:cinder
Permssions for /etc/glance/ are too loose (755). Should be 700, glance:glance
Permssions for /etc/heat/ are too loose (750). Should be 700, heat:heat
Permssions for /etc/ceilometer/ are too loose (755). Should be 700, ceilometer:ceilometer
Will leave for you to evaluate best permissions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1675088/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list