Bug 1020187
Summary: | RHS-C: adminPassword is saved as PLAIN TEXT in the answer file generated as part of rhsc-setup | |
---|---|---|---
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Prasanth <pprakash>
Component: | rhsc | Assignee: | Timothy Asir <tjeyasin>
Status: | CLOSED ERRATA | QA Contact: | Prasanth <pprakash>
Severity: | medium | Docs Contact: |
Priority: | low | |
Version: | 2.1 | CC: | alonbl, dtsang, knarra, mmahoney, pprakash, rhs-bugs, sharne, ssampat, tjeyasin
Target Milestone: | --- | Keywords: | ZStream
Target Release: | RHGS 2.1.2 | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | cb9 | Doc Type: | Bug Fix
Doc Text: | Previously, the password was saved as plain text in the answer file generated during rhsc-setup. Now, with this update, the answer file is made accessible only to the root user. | |
Story Points: | --- | |
Clone Of: | | Environment: |
Last Closed: | 2014-02-25 07:53:20 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 1028748 | |
Bug Blocks: | | |
Attachments: | | |

Description
Prasanth
2013-10-17 08:44:49 UTC
Created attachment 813241
20131016194348-setup.conf
Hello,

Core product behavior bugs/features should be opened against upstream or at least rhevm... as RHS-C is not the origin of these issues.

It is correct, answer file contains the entire configuration that is required to setup an identical setup at later time. This is by design.

Correction: Database password is not encrypted as well, you can see it in plain text at /etc/ovirt-engine/engine.conf.d/*, and it is also available in the answer file for the same reason.

It is not that critical to have admin password in clear text during setup as it is initial password for admin to be able to perform first login, he may change the password at any time using:

    # engine-config -s AdminPassword=interactive

This will obsolete the password stored at the answer file.

The important issue to fix is bug#1028748, which is already being worked on, to make answer file private to root.

Thanks,

Fix for bug#1028748 is already merged upstream on master, 3.3 and 3.3.1 branches. That fix will also change the file access permission to root only.

Verified as fixed in cb9
-------
[root@rhs-client3 /]# cd /var/lib/ovirt-engine/setup/answers/
[root@rhs-client3 answers]# ls -al 20131126173041-setup.conf
-rw-------. 1 root root 1171 Nov 26 17:30 20131126173041-setup.conf
-------
Answer file is now private to root.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0208.html

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
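
The single-file `ls -al` check from the verification comment, extended to every answer file in the directory and to files left behind by earlier setup runs. This is an added example, not code from the bug report or from rhsc-setup; the function names are hypothetical, and the `adminPassword` match assumes the key appears in the file under the name used in the bug summary.

```shell
#!/bin/sh
# Added example: audit setup answer files for access beyond the owner.
# The directory is the one shown in the verification comment;
# all function names here are hypothetical.

ANSWER_DIR_DEFAULT=/var/lib/ovirt-engine/setup/answers

# Print every *.conf under $1 that grants any group/other permission bit,
# or that is not owned by user $2 (default: root).
exposed_answer_files() {
    dir=${1:-$ANSWER_DIR_DEFAULT}
    owner=${2:-root}
    find "$dir" -type f -name '*.conf' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \
           -o ! -user "$owner" \) -print
}

# Of the exposed files, print those that also carry an adminPassword entry.
# These are the ones where the initial admin password was readable by others.
exposed_with_admin_password() {
    exposed_answer_files "$@" | while IFS= read -r f; do
        if grep -q 'adminPassword' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Set the listed files to mode 0600, the state shown in the verification
# output. This fixes the mode only; a file with an unexpected owner stays
# listed by exposed_answer_files and needs a closer look.
lock_down_answer_files() {
    exposed_answer_files "$@" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}
```

If `exposed_with_admin_password` lists a file, the `engine-config -s AdminPassword=interactive` step quoted above is what makes the stored value obsolete; tightening the mode afterwards does not undo earlier exposure.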