I believe this needs fixing across all package versions. It exists for stein:
root@d1:~# ls -al /etc/keystone
total 72
drwxr-xr-x 2 root root 7 Mar 20 14:49 .
drwxr-xr-x 86 root root 174 Mar 20 14:49 ..
-rw-r--r-- 1 root root 2303 Apr 28 2017 default_catalog.templates
-rw-r--r-- 1 root root 109578 Mar 19 11:26 keystone.conf
-rw-r--r-- 1 root root 81504 Mar 19 11:26 keystone.policy.yaml
-rw-r--r-- 1 root root 1046 Mar 19 11:26 logging.conf
-rw-r--r-- 1 root root 665 Apr 28 2017 sso_callback_template.html
As part of this bug we should also audit all of our core openstack packages to make sure they have the right permissions. I made a pass on several during this cycle but must have missed keystone somehow.
I believe this needs fixing across all package versions. It exists for stein:
root@d1:~# ls -al /etc/keystone catalog. templates policy. yaml template. html
total 72
drwxr-xr-x 2 root root 7 Mar 20 14:49 .
drwxr-xr-x 86 root root 174 Mar 20 14:49 ..
-rw-r--r-- 1 root root 2303 Apr 28 2017 default_
-rw-r--r-- 1 root root 109578 Mar 19 11:26 keystone.conf
-rw-r--r-- 1 root root 81504 Mar 19 11:26 keystone.
-rw-r--r-- 1 root root 1046 Mar 19 11:26 logging.conf
-rw-r--r-- 1 root root 665 Apr 28 2017 sso_callback_
As part of this bug we should also audit all of our core openstack packages to make sure they have the right permissions. I made a pass on several during this cycle but must have missed keystone somehow.