Configuration files in /etc/kolla have inconsistent permissions

Bug #1821579 reported by Mark Goddard on 2019-03-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Status tracked in Stein
Rocky
High
Unassigned
Stein
High
Mark Goddard

Bug Description

The configuration files generated by kolla-ansible have inconsistent permissions. Typically, non-executable files should have 660, and executable files and directories should have 770. All should be owned by the 'config_owner_user' and 'config_owner_group' variables.

Mark Goddard (mgoddard) on 2019-03-25
Changed in kolla-ansible:
assignee: nobody → Mark Goddard (mgoddard)
Mark Goddard (mgoddard) on 2019-03-25
Changed in kolla-ansible:
importance: Undecided → High
Changed in kolla-ansible:
status: New → In Progress
Mark Goddard (mgoddard) wrote :

Fix up perms: https://review.openstack.org/645861
Script to check owner & permissions in CI: https://review.openstack.org/647410

Mark Goddard (mgoddard) on 2019-03-26
Changed in kolla-ansible:
status: In Progress → Fix Committed
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/645861
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=a4bb8567da3e0e1468d66048c5b46cdeefcb1332
Submitter: Zuul
Branch: master

commit a4bb8567da3e0e1468d66048c5b46cdeefcb1332
Author: Mark Goddard <email address hidden>
Date: Fri Mar 22 19:18:45 2019 +0000

    Fix up config file permissions on the host

    Several config file permissions are incorrect on the host. In general,
    files should be 0660, and directories and executables 0770.

    Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
    Closes-Bug: #1821579

Changed in kolla-ansible:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/647410
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=8c4ab41ffa502a58714819e0407f3c17e6fde7d0
Submitter: Zuul
Branch: master

commit 8c4ab41ffa502a58714819e0407f3c17e6fde7d0
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 11:39:41 2019 +0000

    Check configuration file permissions in CI

    Typically, non-executable files should have 660 or 600 and executable
    files and directories should have 770. All should be owned by the
    'config_owner_user' and 'config_owner_group' variables.

    This change adds a script to check the owner and permissions of config
    files under /etc/kolla, and runs it at the end of CI jobs.

    Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab
    Related-Bug: #1821579

This issue was fixed in the openstack/kolla-ansible 8.0.0.0rc1 release candidate.

Reviewed: https://review.openstack.org/649611
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=fc9384117daaa697daf396dd5e35029a672754fc
Submitter: Zuul
Branch: stable/rocky

commit fc9384117daaa697daf396dd5e35029a672754fc
Author: Mark Goddard <email address hidden>
Date: Fri Mar 22 19:18:45 2019 +0000

    Fix up config file permissions on the host

    Several config file permissions are incorrect on the host. In general,
    files should be 0660, and directories and executables 0770.

    Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
    Closes-Bug: #1821579
    (cherry picked from commit a4bb8567da3e0e1468d66048c5b46cdeefcb1332)

Reviewed: https://review.openstack.org/649612
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=dc13194200e794ca381eb2422bb543cde6b9d939
Submitter: Zuul
Branch: stable/rocky

commit dc13194200e794ca381eb2422bb543cde6b9d939
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 11:39:41 2019 +0000

    Check configuration file permissions in CI

    Typically, non-executable files should have 660 or 600 and executable
    files and directories should have 770. All should be owned by the
    'config_owner_user' and 'config_owner_group' variables.

    This change adds a script to check the owner and permissions of config
    files under /etc/kolla, and runs it at the end of CI jobs.

    Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab
    Related-Bug: #1821579
    (cherry picked from commit 8c4ab41ffa502a58714819e0407f3c17e6fde7d0)

tags: added: in-stable-rocky
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers