[Bug 1859412] Re: security: set default umask for service to 0027

James Page james.page at ubuntu.com
Mon Jan 13 09:19:23 UTC 2020


I've uploaded new openstack-pkg-tools to focal with this change in place
- reverse-depends will need a rebuild to pick up the new template.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openstack-pkg-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1859412

Title:
  security: set default umask for service to 0027

Status in openstack-pkg-tools package in Ubuntu:
  Fix Committed
Status in openstack-pkg-tools source package in Focal:
  Fix Committed

Bug description:
  OpenStack services have no way to specify the permissions on log files
  created. Standards such as CIS set a default umask of 0027; however,
  that is not applied to units running under systemd.

  This means that log files (and any other files or directories created
  by a daemon) will have global read permissions by default.

  As the systemd unit files are templated, we can update this fairly
  easily for OpenStack services by adding the UMask=0027 directive to
  the core template.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openstack-pkg-tools/+bug/1859412/+subscriptions
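
The effect described in the bug, as an added example that is not part of the original report or of openstack-pkg-tools: it shows the modes new files and directories get under systemd's default umask of 0022 versus 0027, and audits unit files for a UMask= that still leaves permissions for "other". Assumptions: Linux with GNU stat, hypothetical function names, constructed sample units, and only the unit file itself is read (drop-in overrides are not).

```shell
#!/bin/sh
# Added example; unit files and names below are constructed for illustration.

# Print the modes a new log file and directory receive under umask $1.
modes_under_umask() (
    d=$(mktemp -d) || exit 1      # scratch dir, created before the umask change
    umask "$1"
    : > "$d/service.log"          # file creation requests 0666, umask clears bits
    mkdir "$d/state"              # mkdir requests 0777, umask clears bits
    set -- $(stat -c '%a' "$d/service.log" "$d/state")
    rm -rf "$d"
    echo "$1 $2"
)

# Print the UMask= set in the [Service] section of unit file $1 (last one wins),
# or 0022, the systemd default, when the directive is absent.
unit_umask() {
    awk -F= '
        { gsub(/[ \t\r]/, "") }                      # tolerate "UMask = 0027"
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "UMask" { value = $2 }
        END { print (value == "" ? "0022" : value) }
    ' "$1"
}

# Report every *.service in directory $1 and whether "other" is fully masked.
audit_units() {
    for unit in "$1"/*.service; do
        [ -e "$unit" ] || continue
        mask=$(unit_umask "$unit")
        if [ $(( 0$mask & 7 )) -eq 7 ]; then verdict=ok; else verdict=world-accessible; fi
        printf '%s UMask=%s %s\n' "$(basename "$unit")" "$mask" "$verdict"
    done
}

# Constructed sample units: one without the directive, one with it.
demo_dir=$(mktemp -d)
printf '[Unit]\nDescription=constructed sample\n[Service]\nExecStart=/usr/bin/example-daemon\n' \
    > "$demo_dir/legacy.service"
printf '[Service]\nUMask=0027\nExecStart=/usr/bin/example-daemon\n' \
    > "$demo_dir/hardened.service"

echo "umask 0022 -> file/dir modes: $(modes_under_umask 0022)"
echo "umask 0027 -> file/dir modes: $(modes_under_umask 0027)"
audit_units "$demo_dir"
rm -rf "$demo_dir"
```

Files that already exist keep their old mode; the umask only affects what the service creates after it is restarted with the new unit.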


