Bug 828369 - katello.conf owned by katello:katello
Summary: katello.conf owned by katello:katello
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-06-04 17:25 UTC by james labocki
Modified: 2019-09-26 13:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-03 09:41:30 UTC
Target Upstream Version:
Embargoed:



Description james labocki 2012-06-04 17:25:12 UTC
/etc/httpd/conf.d/katello.conf is owned by katello:katello - Does it have to be this way? 

Having an application own the http config file is not best security practice and will create security audit alerts with enterprise customers.

Comment 1 Lukas Zapletal 2012-06-13 07:57:28 UTC
And what do you recommend? It contains sensitive data (passwords) and it is read by the katello user.

Comment 2 Lukas Zapletal 2012-08-03 09:35:26 UTC
Finally taking this one. Yeah, this particular config file does not contain any passwords. Will look into it.

Comment 3 Lukas Zapletal 2012-08-03 09:41:30 UTC
https://github.com/Katello/katello/pull/427
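
A check for the condition this report describes, as an added example that is not part of the bug thread or of Katello's code: it flags a config directory such as /etc/httpd/conf.d, and the entries directly inside it, when they are not owned by the expected account or are writable by group or others. The helper name `audit_conf_dir` and the default of root:root are assumptions, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example (not from the bug thread or from Katello).
# Assumption: GNU coreutils stat (-c), as shipped on Red Hat systems.
# audit_conf_dir is a hypothetical helper name.
#
# Usage: audit_conf_dir DIR [OWNER] [GROUP]     (defaults: root root)
# Checks DIR itself and each entry directly inside it. Prints one line per
# finding; returns 0 when nothing is flagged, 1 otherwise.
audit_conf_dir() {
    dir=$1
    want_user=${2:-root}
    want_group=${3:-root}
    findings=0

    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue      # unmatched glob or dangling symlink
        # -L: judge the file a symlink points to, since that is what gets read
        user=$(stat -L -c %U "$f")
        group=$(stat -L -c %G "$f")
        mode=$(stat -L -c %a "$f")

        reason=
        if [ "$user" != "$want_user" ] || [ "$group" != "$want_group" ]; then
            reason="owned by $user:$group, expected $want_user:$want_group"
        fi
        # Octal mask 022 = write permission for group or others.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            reason="${reason:+$reason; }mode $mode is group/other-writable"
        fi

        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$f" "$reason"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Example: audit_conf_dir /etc/httpd/conf.d
```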

