1163420 – Adjust log permissions to 0750 for openstack-sahara

Bug 1163420 - Adjust log permissions to 0750 for openstack-sahara

Summary: Adjust log permissions to 0750 for openstack-sahara

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-sahara
Sub Component:
Version:	5.0 (RHEL 7)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	5.0 (RHEL 7)
Assignee:	Elise Gafford
QA Contact:	Luigi Toscano
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1163424
TreeView+	depends on / blocked

Reported:	2014-11-12 16:42 UTC by Lon Hohberger
Modified:	2015-04-16 14:37 UTC (History)
CC List:	6 users (show)
Fixed In Version:	openstack-sahara-2014.1.3-2.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, the log directory permissions for Sahara was set to 755, resulting in the Sahara service not conforming to the Red Hat log security standards. With this update, the directory permissions are modified to 750, thus, conforming to the Red Hat log security standards.
Clone Of:
Environment:
Last Closed:	2015-04-16 14:37:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0825	0	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory	2015-04-16 18:28:14 UTC

Description Lon Hohberger 2014-11-12 16:42:29 UTC

The spec file for openstack-sahara sets the permissions for /var/log/sahara directory to 0755, which is world-readable.  To maintain consistency, please set this to 0750.  See bug 1149688 for more details.  In the RPM spec file in the %files section, you can use the following:

%dir %attr(0750, sahara, sahara) %{_localstatedir}/log/sahara

(Owner/Group are examples and may be different for this component)

Comment 1 Lon Hohberger 2014-11-12 16:51:02 UTC

The intent here is to tighten up access on /var/log directories and files.  Note that, apart from the RPM spec files, it's possible some OpenStack components may be setting permissions incorrectly as well.

It also may be the case that this component has a valid need to have its /var/log directory world-readable.  If that is the case, please close this bugzilla.

Comment 3 Luigi Toscano 2015-04-03 14:46:26 UTC

The permissions of a freshly installed /var/log/sahara are 0750, thanks to the change in the RPM file.
Verified on openstack-sahara-2014.1.3-3.el7ost.noarch

Comment 5 errata-xmlrpc 2015-04-16 14:37:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0825.html

Note You need to log in before you can comment on or make changes to this bug.