Bug 1598514

Summary: [RFE] Set owner/group/umask for /etc/pki/entitlement/ certs
Product: [Fedora] Fedora
Reporter: Pat Riehecky <riehecky>
Component: subscription-manager
Assignee: Chris Snyder <csnyder>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: rawhide
CC: alikins, awood, bkearney, csnyder
Hardware: All
OS: Linux
Fixed In Version: subscription-manager-1.24.2-1.fc27 subscription-manager-1.24.2-1.fc28
Last Closed: 2018-11-15 02:12:51 UTC
Type: Bug

Description Pat Riehecky 2018-07-05 17:06:27 UTC
Description of problem:
I'd like to permit users with the wheel group to read the certs so that they can perform up-to-date yum/dnf queries.  On my system users in the wheel group also have sudo access so permitting read of these files doesn't impact their security.

Version-Release number of selected component (if applicable):
subscription-manager-1.21.5

How reproducible:
100%

Steps to Reproduce:
1. sudo chown root:wheel /etc/pki/entitlement/*.pem
2. sudo chmod 640 /etc/pki/entitlement/*.pem
3. sudo subscription-manager refresh
4. ls -l /etc/pki/entitlement/*.pem

Actual results:
Certs are set back to root:root 600

Expected results:
A setting in /etc/rhsm.conf where I can specify the expected certificate permissions.

Additional info:
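
The check in step 4 as a repeatable audit, added here as an example; it is not part of the original report or of subscription-manager. The `*.pem` glob in the steps also matches the `-key.pem` private keys stored beside the certificates, so the function checks those against a separate mode. The function name `audit_pem_perms`, the 600 key mode in the usage comment, and the use of GNU coreutils `stat` are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes GNU coreutils `stat`.
# audit_pem_perms DIR OWNER:GROUP CERT_MODE KEY_MODE   (hypothetical helper)
#   Compares every *.pem in DIR with the expected owner:group and octal mode.
#   Files named *-key.pem are private keys and are checked against KEY_MODE.
#   Prints one "DRIFT" line per mismatch; returns 1 if any file drifted.
audit_pem_perms() {
    audit_dir=$1; audit_og=$2; audit_cert_mode=$3; audit_key_mode=$4
    audit_rc=0
    for f in "$audit_dir"/*.pem; do
        [ -f "$f" ] || continue            # unmatched glob or non-regular file
        case $f in
            *-key.pem) want_mode=$audit_key_mode ;;
            *)         want_mode=$audit_cert_mode ;;
        esac
        have=$(stat -c '%U:%G %a' "$f")    # e.g. "root:root 600"
        want="$audit_og $want_mode"
        if [ "$have" != "$want" ]; then
            printf 'DRIFT %s have=[%s] want=[%s]\n' "$f" "$have" "$want"
            audit_rc=1
        fi
    done
    return $audit_rc
}

# Policy from the report, with keys kept at 600 (an assumed choice).
# Run after `sudo subscription-manager refresh` to see whether it was reset:
#   sudo sh -c '. ./audit.sh; audit_pem_perms /etc/pki/entitlement root:wheel 640 600'
```

A non-zero return after a refresh means the tool rewrote ownership or mode, which is the behaviour described under "Actual results".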

Comment 1 Fedora Update System 2018-11-05 22:55:37 UTC
subscription-manager-1.24.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-075821dc8f

Comment 2 Fedora Update System 2018-11-05 22:56:14 UTC
subscription-manager-1.24.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a675aa39fc

Comment 3 Fedora Update System 2018-11-05 22:56:57 UTC
subscription-manager-1.24.2-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-91ba32a0ff

Comment 4 Fedora Update System 2018-11-06 22:02:10 UTC
subscription-manager-1.24.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-075821dc8f

Comment 5 Fedora Update System 2018-11-06 22:46:01 UTC
subscription-manager-1.24.2-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-91ba32a0ff

Comment 6 Fedora Update System 2018-11-06 23:28:37 UTC
subscription-manager-1.24.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a675aa39fc

Comment 7 Fedora Update System 2018-11-15 02:12:51 UTC
subscription-manager-1.24.2-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2018-11-15 02:28:58 UTC
subscription-manager-1.24.2-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.