Bug 1582289

Summary: v2_key has world readable (others) permissions of 0644
Product: Red Hat CloudForms Management Engine Reporter: Tasos Papaioannou <tpapaioa>
Component: ApplianceAssignee: Gregg Tanzillo <gtanzill>
Status: CLOSED DUPLICATE QA Contact: Dave Johnson <dajohnso>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 5.8.0CC: abellott, ncarboni, obarenbo
Target Milestone: GA   
Target Release: cfme-future   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-24 19:39:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tasos Papaioannou 2018-05-24 18:22:42 UTC 
Description of problem:

See BZ:

Bug 1489556 - v2_key has world readable (others) permissions of 0644
https://bugzilla.redhat.com/show_bug.cgi?id=1489556

This was reported on 5.8 and fixed in 5.9. This BZ is to backport the fix to 5.8.

Version-Release number of selected component (if applicable):

5.8.4.3 and earlier

How reproducible:
100%

Steps to Reproduce:
1.) In appliance_console, create an encryption key or fetch a key from another appliance.
2.) Verify the key's permissions on the filesystem:

# ls -l /var/www/miq/vmdb/certs/v2_key 
-rw-r--r--. 1 root root 79 May 18 10:55 /var/www/miq/vmdb/certs/v2_key


Actual results:

World-readable key permissions.

Expected results:

Root-only key permissions.

Additional info:
Comment 2 Nick Carboni 2018-05-24 19:39:31 UTC 
Backports of existing fixes are done using flags on the original bug.

I set the 5.8.z flag on bug 1489556 so I'll close this as a duplicate.

*** This bug has been marked as a duplicate of bug 1489556 ***