Red Hat Bugzilla – Bug 1256735
krb5kdc.log file is world-readable on IPA
Last modified: 2016-11-03 16:22:47 EDT
Description of problem: krb5kdc.log file is world-readable
Version-Release number of selected component (if applicable):
[root@ipaserver log]# rpm -qa | grep ipa-server
Steps to Reproduce:
1. Log in to the IPA server.
2. Navigate to the /var/log directory.
3. Check the permissions of krb5kdc.log.
Actual results: krb5kdc.log file is world-readable.
-rw-------. 1 root root 25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root root 1396050 Aug 25 16:30 krb5kdc.log
Expected results: krb5kdc.log shouldn't be world-readable unless needed, and should keep permissions 0600 to be consistent with the other Kerberos log files.
Additional Info: Logging this bug after having a word with Roland.
Moving to the krb5 component, given it is a krb5 question.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
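
The permission check from the reproduction steps, written as an added shell example (not part of the original bug report or of the krb5 package). The file names come from the report; the directory argument and the function names are assumptions made for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the Kerberos log files named in the report.
# Usage (after sourcing this file): audit_kdc_logs /var/log

# Print the octal permission bits of a file (GNU stat syntax).
file_mode() {
    stat -c '%a' -- "$1"
}

# Succeed only if the mode grants nothing to group or other.
mode_is_private() {
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# Check each log in the given directory (default /var/log).
# Prints one line per file and returns the number of over-permissive files.
audit_kdc_logs() {
    dir=${1:-/var/log}
    bad=0
    for name in krb5kdc.log kadmind.log; do
        path="$dir/$name"
        if [ ! -e "$path" ]; then
            echo "SKIP $path (not present)"
            continue
        fi
        mode=$(file_mode "$path")
        if mode_is_private "$mode"; then
            echo "OK   $path mode $mode"
        else
            echo "FAIL $path mode $mode (expected 600)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

A non-zero return value from `audit_kdc_logs` is the count of files that are accessible to group or other, so the function can be used directly as a pass/fail check in a compliance job.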