Bug 1256735 - krb5kdc.log file is world-readable on IPA
krb5kdc.log file is world-readable on IPA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5 (Show other bugs)
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Robbie Harwood
Marek Marusic
Depends On: 1276484
Blocks: 1292074 1292523
  Show dependency treegraph
Reported: 2015-08-25 07:10 EDT by Sudhir Menon
Modified: 2016-11-03 16:22 EDT (History)
6 users (show)

See Also:
Fixed In Version: krb5-1.14.1-4.el7
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1276484 1292523 (view as bug list)
Last Closed: 2016-11-03 16:22:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sudhir Menon 2015-08-25 07:10:51 EDT
Description of problem: krb5kdc.log file is world-readable

Version-Release number of selected component (if applicable):

[root@ipaserver log]# rpm -qa | grep ipa-server

How reproducible:Always

Steps to Reproduce:
1. Login to IPA server.
2. Navigate to /var/log directory
3. Check the permission of the krb5kdc.log

Actual results: krb5kdc.log file is world-readable.

-rw-------. 1 root   root          25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root   root        1396050 Aug 25 16:30 krb5kdc.log

Expected results: krb5kdc.log shouldn't be world-readable unless needed and also keeping permissions 0600 to be consistent with other kerberos log files.

Additional Info: Logging this bug after having a word with Roland.
Comment 2 Martin Kosek 2015-08-26 04:27:32 EDT
Moving to krb5 component, given it is krb5 question.
Comment 12 errata-xmlrpc 2016-11-03 16:22:47 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.