I haven't checked but I suspect it will be similar in SCL. +++ This bug was initially created as a clone of Bug #1374700 +++ Description of problem: Config and datadir of redis have suspiciously weak permissions. It seems an attacker would be able to read data content easily and also password is often stored in plaintext in /etc/redis.conf. Version-Release number of selected component (if applicable): redis-3.0.6-3.fc24.x86_64 How reproducible: every-time Steps to Reproduce: 1. ls -l /etc/redis* 2. ls -ld /var/lib/redis* Actual results: -rw-r--r--. 1 redis root 41599 Feb 8 2016 /etc/redis.conf -rw-r--r--. 1 redis root 7355 Feb 8 2016 /etc/redis-sentinel.conf drwxr-xr-x. 2 redis redis 4096 Sep 9 14:29 /var/lib/redis Expected results: -rw-r-----. 1 redis root 41599 Feb 8 2016 /etc/redis.conf -rw-r-----. 1 redis root 7355 Feb 8 2016 /etc/redis-sentinel.conf drwx------. 2 redis redis 4096 Sep 9 14:29 /var/lib/redis
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2745.html