Bug #35335
/etc/pki/katello/certs/katello-server-ca.crt deployed with too strict permissions
Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Description
Right now, the file is deployed as:
# ls -ld /etc/pki/katello/certs/katello-server-ca.crt
-r--r-----. 1 root foreman 2533 Aug 4 13:59 /etc/pki/katello/certs/katello-server-ca.crt
which means it can't be read by users outside the foreman group (and root).
But there is actually nothing private in that file, so we can loosen the restriction a bit.
Associated revisions
History
#1
Updated by The Foreman Bot 8 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-certs/pull/403 added
#2
Updated by Evgeni Golov 8 months ago
- Assignee deleted (Evgeni Golov)
- Found in Releases 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1 added
#3
Updated by Ashish Humbe 8 months ago
- Bugzilla link set to 2115775
#4
Updated by The Foreman Bot 8 months ago
- Fixed in Releases 3.4.0 added
#5
Updated by Evgeni Golov 8 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-certs|179aa636c5feb8cbc369913b4e837e3b3e75c83f.
Fixes #35335 - allow everyone to read the Katello CA certificate
There is nothing secret in that file, and this allows non-root users to
use hammer and friends to check the HTTPS cert of the server.
Fixes: 028f93af283b718752e6263b2732c8c0ce308caf
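
The premise of this fix, that the file holds only public certificate data, can be checked before a mode is loosened. The script below is an added example, not code from puppet-certs or from this ticket; the function names and exit codes are assumptions, and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from puppet-certs): decide whether a PEM file is safe to
# make world-readable. Function names and exit codes are assumptions.

# True if FILE contains any PEM private-key block (PKCS#8, RSA, EC, ENCRYPTED).
pem_has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Print the number of certificate blocks in FILE.
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# True if the "other" read bit is set, taken from the same `ls -ld` mode
# string the report shows (8th character of e.g. -r--r-----.).
world_readable() {
    case $(ls -ld "$1") in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_public_pem FILE
#   0 = certificates only and world-readable
#   1 = certificates only but not world-readable (the state in this report)
#   2 = private key present or no certificate found: keep it restricted
audit_public_pem() {
    if pem_has_private_key "$1"; then return 2; fi
    [ "$(pem_cert_count "$1")" -gt 0 ] || return 2
    world_readable "$1" || return 1
    return 0
}

# Demo on constructed files (placeholder bodies, not real key material).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/ca.crt"
chmod 0440 "$demo/ca.crt"; rc=0; audit_public_pem "$demo/ca.crt" || rc=$?
echo "mode 0440: $rc"
chmod 0444 "$demo/ca.crt"; rc=0; audit_public_pem "$demo/ca.crt" || rc=$?
echo "mode 0444: $rc"
rm -rf "$demo"
```

A result of 2 on any file under a certificate directory means the file carries key material or is not a certificate at all, and its mode should stay restricted.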