Project

General

Profile

Bug #35335

/etc/pki/katello/certs/katello-server-ca.crt deployed with too strict permissions

Added by Evgeni Golov 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
2115775
Pull request:
https://github.com/theforeman/puppet-certs/pull/403
Fixed in Releases:
Foreman - 3.4.0
Found in Releases:
Foreman - 3.1.0, Foreman - 3.1.1, Foreman - 3.1.2, Foreman - 3.1.3, Foreman - 3.2.0, Foreman - 3.2.1, Foreman - 3.2.2, Foreman - 3.3.0, Foreman - 3.3.1
Red Hat JIRA:

Description

right now, the file is deployed as:

# ls -ld /etc/pki/katello/certs/katello-server-ca.crt
-r--r-----. 1 root foreman 2533 Aug  4 13:59 /etc/pki/katello/certs/katello-server-ca.crt

which means it can't be read by users outside the foreman group (and root).

but there is actually nothing private in that file, so we can loosen the restriction a bit

Associated revisions

Revision 179aa636 (diff)
Added by Evgeni Golov 8 months ago

Fixes #35335 - allow everyone to read the Katello CA certificate

There is nothing secret in that file, and this allows non-root users to
use hammer and friends to check the HTTPS cert of the server.

Fixes: 028f93af283b718752e6263b2732c8c0ce308caf

History

#1 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-certs/pull/403 added

#2 Updated by Evgeni Golov 8 months ago

  • Assignee deleted (Evgeni Golov)
  • Found in Releases 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1 added

#3 Updated by Ashish Humbe 8 months ago

  • Bugzilla link set to 2115775

#4 Updated by The Foreman Bot 8 months ago

  • Fixed in Releases 3.4.0 added

#5 Updated by Evgeni Golov 8 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF