juju log files should not be world readable
Bug #1286518 reported by
Kapil Thangavelu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
Medium
|
Katherine Cox-Buday |
Bug Description
juju default logs in /var/log/juju are world readable, charms can log sensitive information so a better default would be 600
description: | updated |
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: logging |
Changed in juju-core: | |
importance: | High → Medium |
Changed in juju-core: | |
assignee: | nobody → Katherine Cox-Buday (cox-katherine-e) |
status: | Triaged → In Progress |
milestone: | none → next-stable |
Changed in juju-core: | |
status: | In Progress → Fix Committed |
Changed in juju-core: | |
milestone: | next-stable → 1.21-alpha1 |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Would it be possible to have local provider world-readable log files? Or at least set them to adm (or juju?) group, and have them group-readable?
Local provider is used mainly for testing charm development and it's cumbersome to type in sudo password all the time, or to have root terminal permanently open.
Or, maybe add a juju environment configuration option so that one can 'ease up' on the default (for instance, default chmod is 600, but user can change that to 640 or 644).