Hide Forgot
~/.pulp/ has permissions 775 which is insecure. I expect ~/.pulp/ to have permissions 700 so that other users cannot read files within here. This is important for another bug [0] BZ 1159067 which puts username/password info into ~/.pulp/admin.conf We can't automatically secure ~/.pulp/admin.conf because the user creates that file. We should set 700 on the folder level. [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1159067
https://github.com/pulp/pulp/pull/1339
fixed in pulp 2.6.0-0.2.beta
Now if /root/.pulp/ doesn't have 0700 permissions, the warining will be shown with pulp-admin or pulp-consumer command. >> rpm -qa | grep pulp-server pulp-server-2.6.0-0.2.beta.fc20.noarch >> pulp-admin login -u admin -p pass Warning: path should have mode 0700 because it may contain sensitive information: /root/.pulp/ Successfully logged in. Session certificate will expire at Dec 30 22:53:54 2014 GMT. >> chmod 0700 -R /root/.pulp/ >> pulp-admin login -u admin -p pass Successfully logged in. Session certificate will expire at Dec 30 23:01:34 2014 GMT. >> chmod 0740 -R /root/.pulp/ >> pulp-admin repo list --summary Warning: path should have mode 0700 because it may contain sensitive information: /root/.pulp/ >> pulp-consumer status Warning: path should have mode 0700 because it may contain sensitive information: /root/.pulp/ This consumer is not currently registered. If it was deleted/moved, a new created folder ~/.pulp will have 0700. >> mv ~/.pulp/ ~/.pulp_1/ >> pulp-consumer status This consumer is not currently registered. >>pulp-admin login -u admin -p wrongpass The specified user does not have permission to execute the given command >> ls -la ~/ | grep pulp drwxr-xr-x. 2 root root 4096 Nov 4 13:53 for_pulp_uploads drwx------. 2 root root 4096 Dec 24 00:03 .pulp drwxr-----. 3 root root 4096 Dec 23 23:02 .pulp_1
Moved to https://pulp.plan.io/issues/614