Bug 1276484 - krb5kdc.log file is world-readable by default
Summary: krb5kdc.log file is world-readable by default
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Robbie Harwood
QA Contact: Fedora Extras Quality Assurance
URL: https://github.com/krb5/krb5/pull/372
Depends On:
Blocks: 1256735 1292523
TreeView+ depends on / blocked
Reported: 2015-10-29 20:01 UTC by Robbie Harwood
Modified: 2016-01-28 18:22 UTC (History)
10 users (show)

Fixed In Version: krb5-1.14-17.fc24 krb5-1.14-6.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of: 1256735
Last Closed: 2016-01-28 18:22:49 UTC
Type: Bug

Attachments (Terms of Use)

Description Robbie Harwood 2015-10-29 20:01:44 UTC
+++ This bug was initially created as a clone of Bug #1256735 +++

Description of problem: krb5kdc.log file is world-readable

Version-Release number of selected component (if applicable):

[root@ipaserver log]# rpm -qa | grep ipa-server

How reproducible:Always

Steps to Reproduce:
1. Login to IPA server.
2. Navigate to /var/log directory
3. Check the permission of the krb5kdc.log

Actual results: krb5kdc.log file is world-readable.

-rw-------. 1 root   root          25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root   root        1396050 Aug 25 16:30 krb5kdc.log

Expected results: krb5kdc.log shouldn't be world-readable unless needed and also keeping permissions 0600 to be consistent with other kerberos log files.

Comment 1 Robbie Harwood 2015-12-17 20:16:08 UTC
Patch submitted for consideration upstream.

Comment 2 Fedora Update System 2016-01-21 22:07:35 UTC
krb5-1.14-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780

Comment 3 Robbie Harwood 2016-01-21 22:08:49 UTC
I've fixed this in rawhide and f23.  If it is needed in f22, please reopen this and let me know.

Comment 4 Fedora Update System 2016-01-24 04:51:22 UTC
krb5-1.14-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780

Comment 5 Fedora Update System 2016-01-28 18:22:44 UTC
krb5-1.14-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.