glance configuration files with screte information are set as 644
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack + Chef |
Fix Released
|
Undecided
|
LeileiZhou |
Bug Description
file permssion for glance-api.conf is set as 0644, how ever it contains
qpid_password=
vmware_
=======
file permission for glance-cache.conf is set as 0644, however it contains secrete:
swift_store_key =
vmware_
=======
file permission for glance-
connection =
=======
file permission for glance-
# Auth settings if using Keystone
# auth_url = http://
# admin_tenant_name = %SERVICE_
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# Directory to use for lock files. Default to a temp directory
# (string value). This setting needs to be the same for both
# glance-scrubber and glance-api.
#lock_path=<None>
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_
=======
Above files mode should be set as 640 instead of 644 to protect the screte from unauthorized users.
Changed in openstack-chef: | |
assignee: | nobody → LeileiZhou (leileiz) |
description: | updated |
Changed in openstack-chef: | |
status: | New → In Progress |
Fix proposed to branch: master /review. openstack. org/123075
Review: https:/