Mysql-router charm creates mysql's home as world readable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MySQL Router Charm | New | Undecided | Unassigned |
Bug Description
As part of the recommendation for CIS hardening 6.2.6 to ensure users' home directories are not world readable,
the mysql user's home, which is "/var/lib/mysql/", is currently created with 0755 rights by the charm itself.
Currently, the recommendation from the source of the package from MySQL is to set a chmod of 0700 on /var/lib/mysql with mysql:mysql as owner.
Technically speaking, restricting to at least 750 instead should not be an issue, since the folder for the mysql-router is restricted to the mysql user anyway.
ubuntu@
total 12
drwxr-xr-x 3 mysql mysql 4096 Oct 18 07:53 .
drwxr-xr-x 46 root root 4096 Oct 18 07:51 ..
drwx------ 5 mysql mysql 4096 Oct 18 07:54 keystone-
The source of the creation seems to be from ./src/lib/
# Create the directory
if not os.path.
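
One way to create the directory with the tighter mode and to repair a home that already exists as 0755, as an added example that is not part of the original report or the charm's own code. The names `ensure_private_dir` and `world_bits` and the temporary stand-in path are hypothetical; ownership (mysql:mysql) is not changed here because that requires root.

```python
import os
import stat
import tempfile

SAFE_MODE = 0o750  # the "at least 750" from the report; 0o700 is stricter


def world_bits(path):
    """Return the 'other' permission bits (rwx for everyone) set on path."""
    return stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO


def ensure_private_dir(path, mode=SAFE_MODE):
    """Create path if missing, force its mode, and return the final mode.

    os.makedirs(mode=...) is masked by the process umask and does nothing
    to a directory that already exists, so an explicit chmod is needed to
    tighten a home that was previously created as 0755.
    """
    os.makedirs(path, mode=mode, exist_ok=True)
    # chmod follows symlinks, so refuse anything that is not a real directory.
    if os.path.islink(path) or not os.path.isdir(path):
        raise NotADirectoryError(path)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Reproduce the 0755 state in a temp dir, then tighten it."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "mysql-home")  # constructed stand-in path
        os.mkdir(home)
        os.chmod(home, 0o755)                    # state shown in the listing
        before = world_bits(home)
        after_mode = ensure_private_dir(home)
        return before, after_mode, world_bits(home)


if __name__ == "__main__":
    before, mode, after = demo()
    print(f"world bits before: {before:o}, mode after: {mode:o}, "
          f"world bits after: {after:o}")
```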