Bug 1368346 - Wrong permission for defined config file /etc/virt-who.d/XXX
Summary: Wrong permission for defined config file /etc/virt-who.d/XXX
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virt-who
Version: 7.3
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Radek Novacek
QA Contact: Eko
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-19 06:52 UTC by Liushihui
Modified: 2016-12-01 00:35 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-23 11:36:05 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Liushihui 2016-08-19 06:52:40 UTC 
Description of problem:
Configuration file under folder /etc/virt-who.d/ may contain passwords but its permissions are 644 (rw-r--r--). It should be 600 (rw-------) to prevent non-root users to read the configuration file.

Version-Release number of selected component (if applicable):
virt-who-0.17-7.el7.noarch
subscription-manager-1.17.10-1.el7.x86_64
python-rhsm-1.17.6-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create any config file under /etc/virt-who.d/
# vim /etc/virt-who.d/hyperv
2.Check the permission of this config file.
[root@cloud-qe-16-vm-03 virt-who.d]# ll /etc/virt-who.d/hyperv 
-rw-r--r--. 1 root root 114 Aug 19 02:43 /etc/virt-who.d/hyperv

Actual results:
its permissions are 644 (rw-r--r--)

Expected results:
Any file under /etc/virt-who.d/ should be 600 (rw-------) to prevent non-root users to read the configuration file.

Additional info:
Comment 1 Radek Novacek 2016-08-23 11:36:05 UTC 
I don't think this is necessary. The /etc/virt-who.d directory has drwx------ perms, so non-root users can't access anything in the directory and it does't matter what perms those files have.
Note You need to log in before you can comment on or make changes to this bug.