Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2022/04/12 14:10:42 UTC

[GitHub] [cloudstack] rwdj commented on issue #6232: wrong file rights on key file doesn't generate proper error message

rwdj commented on issue #6232:
URL: https://github.com/apache/cloudstack/issues/6232#issuecomment-1096781585

   I can't because I need to move on to other work, but I can demonstrate that the fact the key is produced with bad permissions in this environment is reproducible.
   ~~~
   [root@rwdj ~]# cd /etc/cloudstack/management
   [root@rwdj management]# umask
   0077
   [root@rwdj management]# rm -f key
   [root@rwdj management]# cloudstack-setup-databases cloud:cloud --deploy-as=root:root -i 127.0.0.1
   <omitted>
   [root@rwdj management]# ls -l key
   -rw-------. 1 root root 8 Apr 12 09:52 key
   ~~~
   I can also pick out the exact line that writes it: https://github.com/apache/cloudstack/blob/4.16/setup/bindir/cloud-setup-databases.in#L400
   ^ With umask 077 and run by root, I can see why the file would be generated that way.
   
   The cause is the umask. But while this is technically an env issue, this env is a [specification](https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230385) of DISA's [Security Technical Implementation Guides](https://public.cyber.mil/stigs/).
   
   I'd also like to point out there are two issues here: the lack of an error when the key doesn't have the correct permissions, and the way the key is generated in a specific environment, which can make testing slightly more difficult.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
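
The two issues raised in the comment above, sketched as an added example (not CloudStack's code and not part of the original message): a key file written with a plain `open()` under umask 077 comes out as 0600, while setting the mode explicitly is umask-independent, and a mode check can report exactly what is wrong. The function names, the required mode 0o640 and the sample key bytes are assumptions made for illustration.

```python
import os
import stat
import tempfile

REQUIRED_MODE = 0o640  # assumption: owner rw + group r; not taken from CloudStack


def write_key(path, data, mode=REQUIRED_MODE):
    """Create `path` with exactly `mode`, whatever the process umask is."""
    # O_EXCL refuses to reuse an existing file or follow a pre-planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, mode)  # unlike the mode passed to open(), not filtered by umask
        os.write(fd, data)
    finally:
        os.close(fd)


def key_mode_problem(path, required=REQUIRED_MODE):
    """Return None if all `required` bits are set, else a diagnostic string."""
    st = os.stat(path)
    actual = stat.S_IMODE(st.st_mode)
    missing = required & ~actual
    if missing:
        return ("%s has mode %04o (uid %d, gid %d); required %04o, missing bits %04o"
                % (path, actual, st.st_uid, st.st_gid, required, missing))
    return None


def demo():
    """Reproduce the umask 077 case in a temp dir; returns modes and diagnostics."""
    old_umask = os.umask(0o077)  # the umask shown in the session above
    try:
        with tempfile.TemporaryDirectory() as d:
            naive = os.path.join(d, "key.naive")
            with open(naive, "wb") as f:  # default creation: 0666 & ~umask = 0600
                f.write(b"constructed-sample-key")
            fixed = os.path.join(d, "key.fixed")
            write_key(fixed, b"constructed-sample-key")
            return (stat.S_IMODE(os.stat(naive).st_mode), key_mode_problem(naive),
                    stat.S_IMODE(os.stat(fixed).st_mode), key_mode_problem(fixed))
    finally:
        os.umask(old_umask)  # restore so the caller's umask is unchanged


if __name__ == "__main__":
    for item in demo():
        print(oct(item) if isinstance(item, int) else item)
```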