OpenStack + Chef

neutron.conf should not be readable from other users

Bug #1369455 reported by LeileiZhou on 2014-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack + Chef	Fix Released	Medium	LeileiZhou

Bug Description

/etc/neutron/neutron.conf contains secrete as:
=============================================================
qpid_password=
nova_admin_password =

[keystone_authtoken]
auth_uri = http://ip:5000/v2.0
auth_host = 9.114.170.181
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password =
signing_dir = /var/lib/neutron/keystone-signing

[database]
# This line MUST be changed to actually run the plugin.
# Example:
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
connection =
=============================================================

neutron.conf should not be readable for other users.

LeileiZhou (leileiz) on 2014-09-15

Changed in openstack-chef:
assignee:	nobody → LeileiZhou (leileiz)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-15: Fix proposed to cookbook-openstack-network (master)

Fix proposed to branch: master
Review: https://review.openstack.org/121477

Mark Vanderwiel (vanderwl) on 2014-09-16

Changed in openstack-chef:
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-18: Fix merged to cookbook-openstack-network (master)

Reviewed: https://review.openstack.org/121477
Committed: https://git.openstack.org/cgit/stackforge/cookbook-openstack-network/commit/?id=45693ddacfdd81d105380bf250688820e05d36b0
Submitter: Jenkins
Branch: master

commit 45693ddacfdd81d105380bf250688820e05d36b0
Author: leileiz <email address hidden>
Date: Mon Sep 15 05:08:13 2014 -0400

Update neutron.conf permission

To avoid other users to access scecret in neutron.conf, set the
file permission to 640 instead of 644

Fix bug 1369455

Change-Id: Ied4bd43ed3ecdfdb97d3b7be10b8af9548d4e762

LeileiZhou (leileiz) on 2014-10-09

Changed in openstack-chef:
status:	Confirmed → Fix Committed

Mark Vanderwiel (vanderwl) on 2014-10-27

Changed in openstack-chef:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.