Feature #29255
Set Foreman plugin config file permissions to 0640
Status:
Closed
Priority:
Normal
Assignee:
Category:
Foreman modules
Target version:
Fixed in Releases:
Found in Releases:
Description
Config files might contain secrets such as credentials. Therefore they shouldn't be world readable.
The katello config is such an example and is currently replicating foreman::plugin. commit:9c1787ad19b2cae407b25958095ecbf78757a959 removed the other reason.
Associated revisions
History
#1
Updated by The Foreman Bot 5 months ago
Updated by - Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman/pull/807 added
#2
Updated by The Foreman Bot 5 months ago
- Fixed in Releases 2.1.0 added
#3
Updated by Ewoud Kohl van Wijngaarden 5 months ago
Updated by - Status changed from Ready For Testing to Closed
Applied in changeset puppet-foreman|fb9f221d50553ec00496113f9a4d37ff4e5f149c.
Fixes #29255 - Set plugin config file mode to 0640
This sets the config file mode to 0640 by default because they may
contain secrets such as credentials. To keep it readable for Foreman,
the group is modified to $foreman::group.