Bug 1276484 - krb5kdc.log file is world-readable by default
krb5kdc.log file is world-readable by default
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
rawhide
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Robbie Harwood
Fedora Extras Quality Assurance
https://github.com/krb5/krb5/pull/372
:
Depends On:
Blocks: 1256735 1292523
  Show dependency treegraph
 
Reported: 2015-10-29 16:01 EDT by Robbie Harwood
Modified: 2016-01-28 13:22 EST (History)
10 users (show)

See Also:
Fixed In Version: krb5-1.14-17.fc24 krb5-1.14-6.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1256735
Environment:
Last Closed: 2016-01-28 13:22:49 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robbie Harwood 2015-10-29 16:01:44 EDT
+++ This bug was initially created as a clone of Bug #1256735 +++

Description of problem: krb5kdc.log file is world-readable

Version-Release number of selected component (if applicable):

[root@ipaserver log]# rpm -qa | grep ipa-server
ipa-server-4.2.0-5.el7.x86_64
ipa-server-trust-ad-4.2.0-5.el7.x86_64
ipa-server-dns-4.2.0-5.el7.x86_64
krb5-server-1.13.2-8.el7.x86_64

How reproducible:Always


Steps to Reproduce:
1. Login to IPA server.
2. Navigate to /var/log directory
3. Check the permission of the krb5kdc.log

Actual results: krb5kdc.log file is world-readable.

-rw-------. 1 root   root          25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root   root        1396050 Aug 25 16:30 krb5kdc.log


Expected results: krb5kdc.log shouldn't be world-readable unless needed and also keeping permissions 0600 to be consistent with other kerberos log files.
Comment 1 Robbie Harwood 2015-12-17 15:16:08 EST
Patch submitted for consideration upstream.
Comment 2 Fedora Update System 2016-01-21 17:07:35 EST
krb5-1.14-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
Comment 3 Robbie Harwood 2016-01-21 17:08:49 EST
I've fixed this in rawhide and f23.  If it is needed in f22, please reopen this and let me know.
Comment 4 Fedora Update System 2016-01-23 23:51:22 EST
krb5-1.14-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
Comment 5 Fedora Update System 2016-01-28 13:22:44 EST
krb5-1.14-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.