Learn more about these different git repos.
Other Git URLs
Under /var/lib/sss the following file permissions might be insecure (especially if SELinux is not in enforcing mode):
db/config.ldb (world readable) pipes/{nss,pam} (world read/writeable) pipes/private/sbus* (world read/writeable)
However, the first and the last ones are in directories with 0700 permissions.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.1 owner: somebody => jhrozek priority: minor => major tests: 0 => 1
owner: jhrozek => sbose
FYI. pipes/{nss,pam} is a public interfaace it must be world writable. The other two, as you note, are in directories marked 0700 so they are protected. However it may be nice to get the files permissions more restrictive just in case.
Fixed by 978bea5 and 94cafd6
fixedin: => 1.1.0 resolution: => fixed status: new => closed
tests: 1 => 0 testsupdated: 0 => 1
rhbz: => 0
Metadata Update from @myllynen: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1445
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.