/etc/pki/katello/certs/katello-server-ca.crt deployed with too strict permissions
Fixed in Releases:
Found in Releases:
right now, the file is deployed as:
# ls -ld /etc/pki/katello/certs/katello-server-ca.crt -r--r-----. 1 root foreman 2533 Aug 4 13:59 /etc/pki/katello/certs/katello-server-ca.crt
which means it can't be read by users outside the foreman group (and root).
but there is actually nothing private in that file, so we can loosen the restriction a bit
#1 Updated by The Foreman Bot 8 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-certs/pull/403 added
#2 Updated by Evgeni Golov 8 months ago
- Assignee deleted (
- Found in Releases 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1 added
#3 Updated by Ashish Humbe 8 months ago
- Bugzilla link set to 2115775
#4 Updated by The Foreman Bot 8 months ago
- Fixed in Releases 3.4.0 added
#5 Updated by Evgeni Golov 8 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-certs|179aa636c5feb8cbc369913b4e837e3b3e75c83f.
Fixes #35335 - allow everyone to read the Katello CA certificate
There is nothing secret in that file, and this allows non-root users to
use hammer and friends to check the HTTPS cert of the server.