[Bug 1869132] Re: [focal] /etc/keystone owned by root
Corey Bryant
corey.bryant at canonical.com
Thu Mar 26 15:30:02 UTC 2020
This looks mostly correct with what we're doing via LP: #1859422,
specifically:
    find /etc/<pkg> -exec chown root:<pkg> "{}" +
    find /etc/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
I think the /etc/keystone/policy.d directory is created by the charm and
the permissions are very lenient but I think the 750 directory
permissions should prevent "other" from accessing anything in
/etc/keystone (should test that).
https://bugs.launchpad.net/bugs/1869132
Title:
[focal] /etc/keystone owned by root
Status in keystone package in Ubuntu:
New
Bug description:
root@juju-c9e7e0-4:/etc# dpkg -l keystone
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============================================-============-====================================
ii keystone 2:17.0.0~b3~git2020032415.9f9040257-0ubuntu1 all OpenStack identity service - Daemons
root@juju-c9e7e0-4:/etc# ls -ld /etc
drwxr-xr-x 82 root root 154 Mar 26 06:51 /etc
root@juju-c9e7e0-4:/etc# ls -ld /etc/keystone
drwxr-x--- 3 root keystone 8 Mar 26 06:51 /etc/keystone
root@juju-c9e7e0-4:/etc# ls -l /etc/keystone
total 215
-rw-r----- 1 root keystone 2303 Mar 24 19:01 default_catalog.templates
-rw-r----- 1 root keystone 104730 Mar 24 19:02 keystone.conf
-rw-r----- 1 root keystone 96670 Mar 24 19:02 keystone.policy.yaml
-rw-r----- 1 root keystone 1046 Mar 24 19:02 logging.conf
drwxrwxr-x 2 keystone keystone 2 Mar 26 06:51 policy.d
-rw-r----- 1 root keystone 665 Mar 24 19:01 sso_callback_template.html
root@juju-c9e7e0-4:/etc#
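Added example, not part of the original message, the bug report or the package's maintainer scripts: a shell check of the point raised in the reply, namely whether the 0750 mode on the parent directory keeps "other" out of a 0775 policy.d beneath it. It builds a constructed tree in a temporary directory (the file name override.yaml and the function names are hypothetical), assumes GNU stat, and inspects mode bits only, not ACLs.

```bash
# Added example. Constructed tree in a temp dir, not the real /etc/keystone.
# Assumes GNU stat (stat -c %a). Looks at mode bits only, not ACLs.

# has_other_bit PATH r|x: true if the "other" class has that bit on PATH.
has_other_bit() {
    local mode
    mode=$(stat -c %a "$1") || return 2
    case "$2:${mode#"${mode%?}"}" in      # last octal digit = "other"
        x:[1357] | r:[4567]) return 0 ;;
        *) return 1 ;;
    esac
}

# other_can_reach ROOT REL: "other" needs x on every directory from ROOT
# down to the target's parent, and r on the target itself.
other_can_reach() {
    local cur="$1" rest="$2"
    while [ -n "$rest" ]; do
        has_other_bit "$cur" x || return 1
        cur="$cur/${rest%%/*}"
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    has_other_bit "$cur" r
}

# build_tree ROOT: hypothetical stand-in for /etc (ROOT) and /etc/keystone.
build_tree() {
    chmod 0755 "$1"                        # /etc is drwxr-xr-x in the report
    mkdir "$1/keystone"
    touch "$1/keystone/keystone.conf"
    # the chmod pass quoted in the message (chown omitted: it needs root)
    find "$1/keystone" -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
    # policy.d created afterwards with the lenient mode from the listing
    mkdir -m 0775 "$1/keystone/policy.d"
    touch "$1/keystone/policy.d/override.yaml"   # constructed file name
    chmod 0644 "$1/keystone/policy.d/override.yaml"
}

demo=$(mktemp -d)
build_tree "$demo"
for p in keystone/keystone.conf keystone/policy.d/override.yaml; do
    if other_can_reach "$demo" "$p"; then echo "other can read: $p"
    else echo "other blocked:  $p"; fi
done
rm -rf "$demo"
```

If the constructed keystone directory is loosened to 0755, the file under policy.d becomes reachable by "other", while keystone.conf stays blocked by its own 0640 mode.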