Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1353936
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
custodia.conf and server.keys files are world-readable.

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Install ipa-server.
2. Navigate to the /etc/ipa/custodia/ directory.
3. Check the permissions of the custodia.conf and server.keys files.

Actual results:
/etc/ipa/custodia
[root@server custodia]# ls -l
total 8
-rw-r--r--. 1 root root 636 Jul 8 12:51 custodia.conf
-rw-r--r--. 1 root root 3353 Jul 8 12:51 server.keys

Expected results:
Config files and keys should not be world-readable unless required.

Additional info:
custodia.conf contains no sensible data. I'm going to leave the permission of the file alone.
[PATCH 0032] Secure permission and cleanup Custodia server.keys
4.3.2 was released, moving to 4.3.3
master:
ipa-4-3:
Metadata Update from @pvoborni: - Issue assigned to cheimes - Issue set to the milestone: FreeIPA 4.3.3
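The permission check from the reproduction steps, as an added example that is not part of the ticket or the FreeIPA patch: it lists key files that grant any access to group or other and restricts them to the owner. The function names, the `*.keys` pattern and the target mode 0600 are assumptions (the ticket does not state the mode the fix applies), and the demo runs on a constructed temporary directory rather than /etc/ipa/custodia.

```shell
#!/bin/sh
# Added example. Assumes GNU findutils and coreutils (find -perm /MODE, stat -c),
# as shipped on RHEL. Function names and the 0600 target mode are assumptions.

# list_exposed DIR PATTERN
# Print "MODE PATH" for each regular file directly in DIR that matches PATTERN
# and grants any permission bit to group or other.
list_exposed() {
    find "$1" -maxdepth 1 -type f -name "$2" -perm /077 \
        -exec stat -c '%a %n' {} +
}

# tighten DIR PATTERN
# Restrict every exposed match to owner read/write and report what changed.
tighten() {
    list_exposed "$1" "$2" | while read -r mode path; do
        chmod 0600 "$path" && printf 'fixed %s (was %s)\n' "$path" "$mode"
    done
}

# demo: constructed directory reproducing the modes from the ticket's listing.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/custodia.conf"
    : > "$d/server.keys"
    chmod 0644 "$d/custodia.conf" "$d/server.keys"

    echo "exposed key files before:"
    list_exposed "$d" '*.keys'

    # Only the key file is matched; the config file is left alone,
    # as in the comment on the ticket.
    tighten "$d" '*.keys'

    echo "modes after:"
    stat -c '%a %n' "$d"/*
    rm -rf "$d"
}

demo
```
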