Comment 2 for bug 1820992

I believe this needs fixing across all package versions. It exists for stein:

root@d1:~# ls -al /etc/keystone
total 72
drwxr-xr-x 2 root root 7 Mar 20 14:49 .
drwxr-xr-x 86 root root 174 Mar 20 14:49 ..
-rw-r--r-- 1 root root 2303 Apr 28 2017 default_catalog.templates
-rw-r--r-- 1 root root 109578 Mar 19 11:26 keystone.conf
-rw-r--r-- 1 root root 81504 Mar 19 11:26 keystone.policy.yaml
-rw-r--r-- 1 root root 1046 Mar 19 11:26 logging.conf
-rw-r--r-- 1 root root 665 Apr 28 2017 sso_callback_template.html

As part of this bug we should also audit all of our core openstack packages to make sure they have the right permissions. I made a pass on several during this cycle but must have missed keystone somehow.