Red Hat Bugzilla – Bug 97102
enterprise.init should be chmod to 0600
Last modified: 2007-04-18 12:54:44 EDT
Description of problem:
Since WEB-INF/resources/enterprise.init contains your database username
and password, doesn't it make sense to
chmod 0600, $app_home . 'dist/WEB-INF/resources/enterprise.init'
during configure.pl? People should probably take care of their own
system.conf, but shouldn't the default be to keep enterprise.init
safe from other users? Or is there an implied assumption that only
administrators are going to be on a CCM app server? I guess I'd
have to double check what 'chmod' does on a Windoze box.
Thanks for any comments on this one.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ls -l /var/www/ccm-core/dist/WEB-INF/resources/enterprise.init
Since it needs to be readable by the servlet, we must also 'chown' it to the
user & group that the servlet runs under. Of course you can only run 'chown' on
the file if the user running 'XXX-configure.pl' is 'root'. If they are not root,
then I guess we should assume that the servlet will not be running under a
dedicated user account & just skip the chown step.
implemented at ccm-scripts 1.3.6 (p4 changelist 33007)
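
The rule discussed in this report (mode 0600 on the credentials file, with a chown to the servlet account only when the installer runs as root) can be sketched in shell as follows. This is an added example, not the ccm-scripts implementation; the function names and the `servlet` account in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: restrict a credentials file to its owner and hand it to the
# servlet account only when running as root. Not the ccm-scripts code.
# secure_init_file, mode_of and the "servlet" account name are hypothetical.

# Print the permission string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# usage: secure_init_file FILE [USER [GROUP]]
# e.g.   secure_init_file /var/www/ccm-core/dist/WEB-INF/resources/enterprise.init servlet servlet
# Returns 0 only if FILE ends up readable and writable by its owner alone.
secure_init_file() {
    file=$1 user=${2:-} group=${3:-}

    # Skip symlinks and non-regular files: chmod and chown follow links,
    # so only the intended file itself should ever be touched.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 1
    fi

    # Remove all group/other access first, before any ownership change.
    chmod 0600 "$file" || return 1

    # chown needs root; a non-root installer keeps the current owner,
    # which is then assumed to be the account the servlet runs under.
    if [ -n "$user" ]; then
        if [ "$(id -u)" -eq 0 ]; then
            chown "$user${group:+:$group}" "$file" || return 1
        else
            echo "not root: leaving owner of $file unchanged" >&2
        fi
    fi

    # Verify the result instead of trusting the exit status of chmod.
    [ "$(mode_of "$file")" = "-rw-------" ]
}
```

A file that is written with the default umask and tightened afterwards is briefly readable by other users, so an installer that creates the file itself should set `umask 077` before writing it.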