StarlingX

Restrict permissions on barbican.conf

Bug #1887575 reported by Andy
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Andy

Bug Description

Brief Description
-----------------
The current permission on /etc/barbican/barbican.conf is 644.
Restrict to the minimum required.

Severity
--------
Minor

Steps to Reproduce
------------------
N/A

Expected Behavior
------------------
/etc/barbican/barbican.conf should have owner "barbican" and group "barbican", and should have permission 600 (only owner can read/write to it)

Actual Behavior
----------------
It's owner is root and group is root, and permission is 644.

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
master

Last Pass
---------
Not tested.

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Integration Testing

Workaround
----------
N/A

Andy (andy.wrs)
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

security concern / medium priority - should be fixed in master for stx.5.0

tags: added: stx.5.0 stx.security
Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/741179

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/741179
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=7a335a84cd98c96b0d266b4319365ea9a0872f78
Submitter: Zuul
Branch: master

commit 7a335a84cd98c96b0d266b4319365ea9a0872f78
Author: Andy Ning <email address hidden>
Date: Tue Jul 14 16:58:52 2020 -0400

    Restrict barbican.conf access permissions

    Currently Barbican configuration file /etc/barbican/barbican.conf has
    ownership root:root, and permission 644. This update changed its ownership
    to be barbican:barbican, and access permission to be 600.

    Change-Id: I385d6e63307a82198be71c6f4f4abdb49c703cd7
    Closes-Bug: 1887575
    Signed-off-by: Andy Ning <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (f/centos8)

Fix proposed to branch: f/centos8
Review: https://review.opendev.org/762919

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.