Comment 1 for bug 1869132

This looks mostly correct with what we're doing via LP: #1859422, specifically:

find /etc/<pkg> -exec chown root:<pkg> "{}" +
find /etc/<pkg> -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +

I think the /etc/keystone/policy.d directory is created by the charm and the permissions are very lenient but I think the 750 directory permissions should prevent "other" from accessing anything in /etc/keystone (should test that).