#49899 Set secure permissions on pwdfile.txt and pin.txt
Closed: wontfix 2 years ago by mreynolds. Opened 3 years ago by mmuehlfeldrh.

Issue Description

When you create a new instance with TLS enabled, the pwdfile.txt and pin.txt are created with 644 permissions, which allows all users to read these files.

Even if the NSS database itself only allows the dirsrv user to read/write the database, pwdfile.txt and pin.txt should have 600, or at least 640, permissions set.

Package Version and Platform

389-Directory/1.4.0.13.20180810gitc989e18f7 B2018.222.727

Steps to reproduce

  1. Create a new instance with TLS enabled.
  2. Check permissions on pwdfile.txt and pin.txt.

Actual results

-rw-r--r--. 1 dirsrv root 91 Jul 16 14:31 /etc/dirsrv/slapd-instance_name/pin.txt
-rw-r--r--. 1 dirsrv root 65 Jul 16 14:31 /etc/dirsrv/slapd-instance_name/pwdfile.txt

Expected results

-rw-------. 1 dirsrv root 91 Jul 16 14:31 /etc/dirsrv/slapd-instance_name/pin.txt
-rw-------. 1 dirsrv root 65 Jul 16 14:31 /etc/dirsrv/slapd-instance_name/pwdfile.txt
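
An audit for the condition reported above, as an added example that is not part of the original issue or of the 389-ds code base: it lists pwdfile.txt and pin.txt under each slapd-* instance directory whose mode is looser than 600 (or, with mask 027, looser than 640) and can reset them to 600. The function names are hypothetical, the default root /etc/dirsrv is taken from the paths in the issue, and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not 389-ds code. Assumes GNU find (-perm /MASK, -printf).

# _secret_files ROOT MASK ACTION...
# Selects pwdfile.txt / pin.txt located directly in ROOT/slapd-*/ whose
# mode has at least one bit of MASK set, then applies the find ACTION.
_secret_files() {
    root=${1%/}; mask=$2; shift 2
    find "$root" -mindepth 2 -maxdepth 2 -type f \
        -path "$root/slapd-*" \
        \( -name pwdfile.txt -o -name pin.txt \) \
        -perm "/$mask" "$@"
}

# audit_secret_files [ROOT] [MASK]
#   MASK 077 (default): any group/other bit is a finding (expects 600).
#   MASK 027: group read is tolerated (accepts 640), nothing looser.
# Prints "MODE PATH" per finding; returns 1 if there is any, else 0.
audit_secret_files() {
    found=$(_secret_files "${1:-/etc/dirsrv}" "${2:-077}" \
        -printf '%m %p\n' | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# tighten_secret_files [ROOT]
# Sets every file flagged by the strict check (MASK 077) to mode 600.
# Files outside slapd-* directories are left untouched.
tighten_secret_files() {
    _secret_files "${1:-/etc/dirsrv}" 077 -exec chmod 600 {} +
}
```

Run `audit_secret_files` as root or as the dirsrv user so that every instance directory can be traversed; a non-zero return makes it usable as a check in a configuration-compliance job.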


Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue set to the milestone: 1.4.0

3 years ago

Good spotting @mmuehlfeldrh. This should be easy to fix :)

-rw------- 1 dirsrv dirsrv 28672 Mar 11 13:24 cert9.db
-r--r----- 1 dirsrv dirsrv  1676 Mar 11 13:12 certmap.conf
-rw------- 1 dirsrv dirsrv 71233 Mar 11 13:26 dse.ldif
-rw------- 1 dirsrv dirsrv 70812 Mar 11 13:26 dse.ldif.bak
-rw------- 1 dirsrv dirsrv 70812 Mar 11 13:25 dse.ldif.startOK
-rw------- 1 dirsrv dirsrv 36864 Mar 11 13:24 key4.db
-rw------- 1 dirsrv dirsrv   257 Mar 11 13:24 noise.txt
-rw------- 1 dirsrv dirsrv    91 Mar 11 13:24 pin.txt
-rw------- 1 dirsrv dirsrv   447 Mar 11 13:24 pkcs11.txt
-rw------- 1 dirsrv dirsrv    65 Mar 11 13:24 pwdfile.txt

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/2958

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

2 years ago
