client.key and server.key are readable by user 1000
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Etcd Charm | Fix Released | High | Samuel Allan | |
Bug Description
How to reproduce:
$ juju deploy --series focal \
-n 3 \
etcd \
--config channel=3.4/stable
$ juju ssh etcd/0 -- ls -alF /var/snap/
total 40
drwxrwx--- 2 root ubuntu 4096 Nov 23 06:19 ./
drwxr-xr-x 4 root root 4096 Nov 23 05:25 ../
-r--r----- 1 root ubuntu 1220 Nov 23 06:19 ca.crt
-r--r----- 1 root ubuntu 4435 Nov 23 06:19 client.crt
-r--r----- 1 root ubuntu 1703 Nov 23 06:19 client.key
-r--r--r-- 1 root ubuntu 3982 Nov 23 06:19 etcd.conf.yml
-r--r----- 1 root ubuntu 4758 Nov 23 07:30 server.crt
-r--r----- 1 root ubuntu 1704 Nov 23 07:30 server.key
etcd is running as the root user; read permission for the ubuntu (1000) user is not necessary.
root 41533 0.0 0.3 11946580 34420 ? Ssl 07:30 0:13 /snap/etcd/
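A check for the condition reported above, as an added example that is not part of the bug report or the charm's code: it flags key files in a directory whose mode grants access beyond the owner. The .key suffix rule, the function names and the sample directory (constructed to follow the listing's file names, with server.key tightened to 0400 for contrast) are assumptions.

```python
import os
import stat
import tempfile

KEY_SUFFIX = ".key"  # assumption: private keys are identified by this suffix


def audit_key_permissions(directory, expected_uid=None):
    """Return (name, octal mode, uid, gid, reasons) for each over-exposed key file."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(KEY_SUFFIX):
            continue
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks and directories; only real key files count
        reasons = []
        if st.st_mode & stat.S_IRGRP:
            reasons.append("readable by group (gid %d)" % st.st_gid)
        if st.st_mode & stat.S_IROTH:
            reasons.append("readable by others")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("writable by group or others")
        if expected_uid is not None and st.st_uid != expected_uid:
            reasons.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        if reasons:
            mode = oct(stat.S_IMODE(st.st_mode))
            findings.append((name, mode, st.st_uid, st.st_gid, reasons))
    return findings


def build_sample_dir():
    """Constructed sample: names follow the listing; server.key is tightened to 0400."""
    path = tempfile.mkdtemp()
    modes = {"ca.crt": 0o440, "client.crt": 0o440, "client.key": 0o440,
             "etcd.conf.yml": 0o444, "server.crt": 0o440, "server.key": 0o400}
    for name, mode in modes.items():
        full = os.path.join(path, name)
        with open(full, "w") as fh:
            fh.write("constructed placeholder, not real key material\n")
        os.chmod(full, mode)  # explicit chmod, so the result does not depend on umask
    return path


if __name__ == "__main__":
    for name, mode, uid, gid, reasons in audit_key_permissions(build_sample_dir()):
        print("%s mode=%s uid=%d gid=%d: %s" % (name, mode, uid, gid, "; ".join(reasons)))
```

Since etcd runs as root here, passing expected_uid=0 when auditing the real directory also reports key files owned by any other user.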
Changed in charm-etcd:
status: New → Triaged
importance: Undecided → High
Changed in charm-etcd:
assignee: nobody → Samuel Walladge (swalladge)
status: Triaged → In Progress
Changed in charm-etcd:
status: In Progress → Fix Committed
milestone: none → 1.26+ck2
tags: added: backport-needed
Changed in charm-etcd:
status: Fix Committed → Fix Released
I think that part of the code can be in a different layer than etcd: https://github.com/charmed-kubernetes/layer-tls-client/blob/main/reactive/tls_client.py