Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1265917
Description of problem:
ipa server log files are world-readable

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Log in to IPA server.
2. Check the permissions of the log file.

Actual results:
The log files are world-readable.

/var/log/ipa
[root@ipa01 ipa]# ls -l
total 12
-rw-r--r--. 1 root root 5355 Sep 24 12:06 default.log
-rw-r--r--. 1 root root 3898 Sep 24 12:08 server.log

Expected results:
Log files shouldn't be world-readable unless required.

Additional info:
Metadata Update from @tbabej:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog
Most logs (including installer logs) are only accessible by root user (600). But some logs are still world-readable.
# ls -la /var/log/ipa/*
-rw-r--r--. 1 root root 564 Apr 30 11:27 /var/log/ipa/cli.log
-rw-r--r--. 1 root root 214 Apr 29 22:54 /var/log/ipa/ipactl.log
-rw-------. 1 root root 0 Apr 29 22:45 /var/log/ipa/renew.log
-rw-------. 1 root root 0 Apr 29 22:45 /var/log/ipa/restart.log
Metadata Update from @cheimes:
- Assignee reset
- Issue close_status updated to: None
- Issue priority set to: important (was: normal)
This has been fixed already with https://github.com/freeipa/freeipa/commit/f62a0fdb904d2a4bb1961847e240dbb6df3b0b67 in standard_logging_setup
$ git tag --contains f62a0fd
rc_4-7-0-1
rc_4-7-0-2
rc_4-8-0-1
release-4-6-0
release-4-6-1
release-4-6-2
release-4-6-3
release-4-6-4
release-4-6-5
release-4-7-0
release-4-7-1
release-4-7-2
release-4-8-0
Metadata Update from @twoerner:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
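One way to open a log file owner-only and to audit a log directory for world-readable files, as an added example that is not part of this ticket and is not FreeIPA's code. The function names `open_private_log_handler` and `world_readable_files` are hypothetical, and a temporary directory stands in for /var/log/ipa. It also covers the case where a log created earlier with mode 644 already exists, which a umask alone does not tighten.

```python
import logging
import os
import stat
import tempfile


def open_private_log_handler(path, mode="a"):
    """Return a logging.FileHandler whose file is readable by the owner only."""
    # Restrict the creation mask so a newly created file gets 0600 at most.
    old_umask = os.umask(0o177)
    try:
        handler = logging.FileHandler(path, mode=mode)
    finally:
        os.umask(old_umask)
    # umask only applies on creation: tighten a file left over with 0644.
    os.fchmod(handler.stream.fileno(), 0o600)
    return handler


def world_readable_files(directory):
    """List regular files under directory that have the 'other' read bit set."""
    found = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                found.append(full)
    return sorted(found)


def demo():
    """Constructed sample: a temp directory standing in for /var/log/ipa."""
    with tempfile.TemporaryDirectory() as logdir:
        stale = os.path.join(logdir, "cli.log")
        with open(stale, "w") as f:
            f.write("old entry\n")
        os.chmod(stale, 0o644)  # pre-existing world-readable log
        before = [os.path.basename(p) for p in world_readable_files(logdir)]
        for name in ("cli.log", "ipactl.log"):
            open_private_log_handler(os.path.join(logdir, name)).close()
        after = world_readable_files(logdir)
        modes = {n: stat.S_IMODE(os.stat(os.path.join(logdir, n)).st_mode)
                 for n in ("cli.log", "ipactl.log")}
        return before, after, modes


if __name__ == "__main__":
    print(demo())
```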