Description of problem:
The cached pulp credentials (including the parent directory) are created as world readable.

$ ls -l ~/.pulp/
total 8
-rw-rw-r--. 1 ncoghlan ncoghlan 917 Aug 2 2011 client.log
-rw-rw-r--. 1 ncoghlan ncoghlan 1726 May 14 14:03 user-cert.pem

Version-Release number of selected component (if applicable):
Seen with Pulp 0.0.267, didn't see anything in the 1.1.0 changelog to suggest it had been fixed.

How reproducible:
Always

Steps to Reproduce:
1. pulp-admin auth login -u <username>
3. enter password

Actual results:
Cached credentials are world readable

Expected results:
Cached credentials can only be read by the current user
Client refuses to run if cached credentials are world readable

Additional info:
A simple workaround for the problem is to run "chmod 0700 ~/.pulp" to restrict access to the containing directory
I believe this is resolved in master, but I do not know which version of Pulp it is fixed in (or if that version is released).

Preethi, to verify this bug, please:
2) $ pulp-admin login…
3) $ ls -lah ~/.pulp/

Make sure the user-cert.pem file is only readable by the owner (should be 600).
This was fixed in a prior release of Pulp, but we never put it through the QE process. Moving to ON_QA.
Verified in pulp-admin-client-2.4.0-0.11.beta.fc20.noarch

# Screen log
[root@ec2-54-220-158-169 pulp]# ls -lahdZ /root/.pulp/
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 /root/.pulp/
[root@ec2-54-220-158-169 pulp]# ls -lahZ /root/.pulp/
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 .
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 admin.log
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 consumer.log
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 server_calls.log
-rw-------. root root unconfined_u:object_r:admin_home_t:s0 user-cert.pem
[root@ec2-54-220-158-169 pulp]# sudo -u apache cat /root/.pulp/admin.log
cat: /root/.pulp/admin.log: Permission denied
[root@ec2-54-220-158-169 pulp]# sudo -u apache cat /root/.pulp/user-cert.pem
cat: /root/.pulp/user-cert.pem: Permission denied
[root@ec2-54-220-158-169 pulp]#
This has been fixed in Pulp 2.4.0-1.
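
The two behaviours listed under "Expected results" in the report (credentials readable only by the current user, and a client that refuses to run otherwise), as an added Python sketch that is not Pulp's own code. The function names `write_private` and `check_private` are hypothetical, and the directory and certificate bytes in the demo are constructed sample values.

```python
import os
import stat
import tempfile

def write_private(path, data):
    """Write a credential file that is never group/other readable, even briefly."""
    parent = os.path.dirname(path)
    os.makedirs(parent, mode=0o700, exist_ok=True)
    os.chmod(parent, 0o700)  # makedirs leaves an already existing directory untouched
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    # Pass 0600 at creation time; open() followed by chmod() leaves a readable window.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # tighten a file that existed with looser bits
        f.write(data)

def check_private(path):
    """Return a list of problems; an empty list means the credential is safe to use."""
    problems = []
    for p in (os.path.dirname(path), path):
        st = os.stat(p)
        if st.st_uid != os.geteuid():
            problems.append("%s is not owned by the current user" % p)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            problems.append("%s has mode %04o, group/other access set" % (p, mode))
    return problems

def demo():
    """Recreate the state from the report in a temp dir, then repair it."""
    cfg = os.path.join(tempfile.mkdtemp(), ".pulp")  # constructed stand-in for ~/.pulp
    os.mkdir(cfg)
    os.chmod(cfg, 0o755)
    cert = os.path.join(cfg, "user-cert.pem")
    with open(cert, "wb") as f:
        f.write(b"constructed sample, not a real certificate\n")
    os.chmod(cert, 0o664)  # the mode shown in the report's ls output
    before = check_private(cert)
    write_private(cert, b"constructed sample, not a real certificate\n")
    return before, check_private(cert)

if __name__ == "__main__":
    before, after = demo()
    for problem in before:
        print("refusing to run:", problem)
    print("after rewrite:", after or "no problems")
```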