#6056 custodia.conf and server.keys file is world-readable.
Closed: Fixed None Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1353936

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem: custodia.conf and server.keys files are world-readable.


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Install ipa-server.
2. Navigate to /etc/ipa/custodia/ directory
3. Check the permission for custodia.conf and server.keys file.

Actual results:
/etc/ipa/custodia
[root@server custodia]# ls -l
total 8
-rw-r--r--. 1 root root  636 Jul  8 12:51 custodia.conf
-rw-r--r--. 1 root root 3353 Jul  8 12:51 server.keys

Expected results:
Config files and keys should not be world-readable unless required.

Additional info:

custodia.conf contains no sensitive data. I'm going to leave the permissions of the file alone.

[PATCH 0032] Secure permission and cleanup Custodia server.keys

4.3.2 was released, moving to 4.3.3

master:

  • d9ab009 Secure permissions of Custodia server.keys

ipa-4-3:

  • fc3b695 Secure permissions of Custodia server.keys
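
The condition reported in this ticket and one way to avoid it when writing a key file, as an added example that is not part of the ticket or of FreeIPA's code. The function names, the temporary directory and the file contents are constructed for illustration, and the commits listed above may implement the fix differently.

```python
import os
import stat
import tempfile


def write_default(path, data):
    """Weak pattern: the mode is 0o666 & ~umask, i.e. 0644 under umask 022."""
    with open(path, "wb") as f:
        f.write(data)


def write_private(path, data):
    """Create the file owner-only from the moment it exists (no chmod-later window)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # set the mode explicitly, independent of umask
        f.write(data)


def exposed(directory, names):
    """Return {name: mode} for the listed files that group or others can access."""
    found = {}
    for name in names:
        mode = stat.S_IMODE(os.lstat(os.path.join(directory, name)).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            found[name] = oct(mode)
    return found


def demo():
    """Reproduce the reported modes in a temp dir, then rewrite only the key file."""
    names = ["custodia.conf", "server.keys"]
    old_umask = os.umask(0o022)  # typical root umask, as in the ticket's listing
    try:
        with tempfile.TemporaryDirectory() as d:
            write_default(os.path.join(d, "custodia.conf"), b"[global]\n")
            write_default(os.path.join(d, "server.keys"), b"constructed-key-material")
            before = exposed(d, names)
            os.remove(os.path.join(d, "server.keys"))
            write_private(os.path.join(d, "server.keys"), b"constructed-key-material")
            after = exposed(d, names)
            return before, after
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```
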

Metadata Update from @pvoborni:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.3.3

7 years ago
