Bug 828369 - katello.conf owned by katello:katello
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Priority: unspecified
Severity: low
Assigned To: Lukas Zapletal
Katello QA List
Reported: 2012-06-04 13:25 EDT by james labocki
Modified: 2013-03-27 16:57 EDT
Doc Type: Bug Fix
Last Closed: 2012-08-03 05:41:30 EDT
Type: Bug
Description james labocki 2012-06-04 13:25:12 EDT
/etc/httpd/conf.d/katello.conf is owned by katello:katello - Does it have to be this way? 

Having an application own the http config file is not best security practice and will create security audit alerts with enterprise customers.
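
A check for the condition reported above, as an added example that is not part of the bug report or of the Katello installer: it lists files and directories under an httpd configuration directory that are not owned by the expected UID (root by default) or that are group- or world-writable. The function name `audit_httpd_conf` and its argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Katello or httpd code): flag web server config entries
# that an unprivileged account could rewrite.
#
# Usage: audit_httpd_conf [DIR] [EXPECTED_UID]
#   DIR           directory to scan (default: /etc/httpd/conf.d)
#   EXPECTED_UID  numeric owner every entry should have (default: 0, root)
# Returns 0 if nothing is flagged, 1 if any entry is flagged, 2 on bad input.
audit_httpd_conf() {
    dir=${1:-/etc/httpd/conf.d}
    uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi

    # Entries owned by some other account: that account can replace
    # configuration that the web server will load.
    wrong_owner=$(find "$dir" \( -type f -o -type d \) ! -user "$uid" \
        -exec ls -ldn {} +)

    # Entries writable through group or "other" permission bits.
    writable=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec ls -ldn {} +)

    if [ -n "$wrong_owner" ]; then
        printf 'NOT OWNED BY UID %s:\n%s\n' "$uid" "$wrong_owner"
    fi
    if [ -n "$writable" ]; then
        printf 'GROUP- OR WORLD-WRITABLE:\n%s\n' "$writable"
    fi

    # Succeed only when both findings are empty.
    [ -z "$wrong_owner$writable" ]
}

# Run the audit only when the script is given arguments.
if [ "$#" -gt 0 ]; then
    audit_httpd_conf "$@"
fi
```

The non-zero return code lets the function be used directly as a post-install or CI check on the installed file layout.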
Comment 1 Lukas Zapletal 2012-06-13 03:57:28 EDT
And what do you recommend? It contains sensitive data (passwords) and it is read by katello user.
Comment 2 Lukas Zapletal 2012-08-03 05:35:26 EDT
Finally taking this one. Yeah, this particular config file does not contain any passwords. Will look into it.
Comment 3 Lukas Zapletal 2012-08-03 05:41:30 EDT
