Red Hat Bugzilla – Bug 828369
katello.conf owned by katello:katello
Last modified: 2013-03-27 16:57:27 EDT
/etc/httpd/conf.d/katello.conf is owned by katello:katello - Does it have to be this way?
Having an application own the http config file is not best security practice and will create security audit alerts with enterprise customers.
And what you recommend? It containst sensitive data (passwords) and it is read by katello user.
Finally taking this one. Yeah, this particular config file does not contain any passwords. Will look into it.