Comment 20 for bug 1129748

Rodney Beede (business2008+launchpad) wrote :

This would be a good hardening opportunity. One use case is that you may have unprivileged user accounts that are used for services like monitoring or OS backups unrelated to the OpenStack images themselves. Especially for monitoring, these accounts may have basic remote login capability.

Not allowing the unprivileged accounts access via the world read/x bits would be useful.

So perhaps a hardening option; ideally the code would follow a more secure UMASK as well.