Red Hat Bugzilla – Bug 1276484
krb5kdc.log file is world-readable by default
Last modified: 2016-01-28 13:22:49 EST
+++ This bug was initially created as a clone of Bug #1256735 +++
Description of problem: krb5kdc.log file is world-readable
Version-Release number of selected component (if applicable):
[root@ipaserver log]# rpm -qa | grep ipa-server
Steps to Reproduce:
1. Login to IPA server.
2. Navigate to /var/log directory
3. Check the permission of the krb5kdc.log
Actual results: krb5kdc.log file is world-readable.
-rw-------. 1 root root 25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root root 1396050 Aug 25 16:30 krb5kdc.log
Expected results: krb5kdc.log shouldn't be world-readable unless needed and also keeping permissions 0600 to be consistent with other kerberos log files.
Patch submitted for consideration upstream.
krb5-1.14-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
I've fixed this in rawhide and f23. If it is needed in f22, please reopen this and let me know.
krb5-1.14-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
krb5-1.14-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.