collect_ceph_osd_services.py can't access /var/lib/nagios/ceph-osd-checks on a cis-hardened system
Bug #1906994 reported by
Nikolay Vinogradov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceph OSD Charm |
New
|
Undecided
|
Unassigned |
Bug Description
Trying to run the command below on a ceph-osd unit fails on a CIS-hardened Ubuntu 18.04 (see also the attached screenshot):
$ sudo -u nagios /usr/local/
Something went wrong reading the file: [Errno 13] Permission denied: '/var/lib/
because CIS implies umask 027 by default, which clears o+r from /var/lib/
See also the requirement "5.4.4 Ensure default user umask is 027 or more restrictive (Scored)" from [1]
[1] http://
To post a comment you must log in.