Red Hat Bugzilla – Bug 1163421
Adjust log permissions to 0750 for openstack-trove
Last modified: 2015-09-10 07:45:57 EDT
The spec file for openstack-trove sets the permissions for /var/log/trove directory to 0755, which is world-readable. To maintain consistency, please set this to 0750. See bug 1149688 for more details. In the RPM spec file in the %files section, you can use the following:

%dir %attr(0750, trove, trove) %{_localstatedir}/log/trove

(Owner/Group are examples and may be different for this component)
The intent here is to tighten up access on /var/log directories and files. Note that, apart from the RPM spec files, it's possible some OpenStack components may be setting permissions incorrectly as well. It also may be the case that this component has a valid need to have its /var/log directory world-readable. If that is the case, please close this bugzilla.
Makes sense, I'll also fix it in RDO.
The permissions of a freshly installed /var/log/trove are now 0750.

drwxr-x---. 2 trove root 22 Sep 1 08:49 trove

Verified on: openstack-trove-common-2014.1.5-1.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1762.html
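The report notes that a component may reset its log directory mode at runtime, independently of the RPM spec, so the installed system is worth checking as well as the package. The following is an added example, not part of this bug report or of the openstack-trove packaging: a POSIX shell check that lists directories under a log root that still grant any access to "other" (0755 is reported, 0750 is not). The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: find log directories that grant access to "other".
# Function names are hypothetical, not taken from any Red Hat tooling.

# world_accessible_log_dirs [ROOT]
# Prints, sorted and one per line, every directory below ROOT (default
# /var/log) whose mode has a read, write or execute bit set for "other".
# ROOT itself is skipped: /var/log is normally 0755 by design.
world_accessible_log_dirs() {
    root=${1:-/var/log}
    find "$root" ! -path "$root" -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null | sort
}

# check_log_dir DIR
# Returns 0 when DIR grants nothing to "other" (e.g. 0750),
# 1 when it does (e.g. 0755), 2 when DIR is not a directory.
check_log_dir() {
    [ -d "$1" ] || return 2
    # -prune keeps find from descending; only DIR itself is tested.
    [ -z "$(find "$1" -prune \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Usage: sh audit_log_dirs.sh /var/log   (script name is hypothetical)
# Prints offending directories; prints nothing when all are tightened.
if [ "$#" -gt 0 ]; then
    world_accessible_log_dirs "$1"
fi
```

Run it as root so that directories already restricted to 0750 can still be traversed and their subdirectories checked.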