openstack-dashboard should not write to /etc/openstack-dashboard

Bug #1233752 reported by James Page on 2013-10-01
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
horizon (Ubuntu)
High
James Page
Saucy
High
James Page

Bug Description

The horizon codebase contains code which generates and stores a secret key on disk if one is not supplied in local_settings.py.

This needs to not be /etc/openstack-dashboard/secret_key - /var/lib/openstack-dashboard should be more appriopriate with write permissions for www-data.

Right now the dashboard just errors out due to lack to write permissions to /etc/openstack-dashboard.

Related branches

James Page (james-page) on 2013-10-01
Changed in horizon (Ubuntu Saucy):
importance: Undecided → High
status: New → Triaged
assignee: nobody → James Page (james-page)
description: updated
James Page (james-page) on 2013-10-01
Changed in horizon (Ubuntu Saucy):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 1:2013.2~b3-0ubuntu2

---------------
horizon (1:2013.2~b3-0ubuntu2) saucy; urgency=low

  * Don't use /etc/openstack-dashboard for in-process generated data
    (LP: #1233752):
    - d/openstack-dashboard.{dirs,postinst}:
      + Create /var/lib/openstack-dashboard with restricted permissions,
        allowing www-data user to write a secret_key if need be.
      + Move /etc/openstack-dashboard/secret_key to correct location if
        it already exists.
    - d/p/ubuntu_settings.patch: Use /var/lib/openstack-dashboard for
      secret key storage instead of /etc/openstack-dashboard.
 -- James Page <email address hidden> Wed, 02 Oct 2013 10:31:15 +0100

Changed in horizon (Ubuntu Saucy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers