Bug 97102 - enterprise.init should be chmod to 0600
enterprise.init should be chmod to 0600
Status: CLOSED CURRENTRELEASE
Product: Red Hat Web Application Framework
Classification: Retired
Component: dev environment (Show other bugs)
nightly
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dennis Gregorovic
Jon Orris
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-06-10 09:09 EDT by Dennis Gregorovic
Modified: 2007-04-18 12:54 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-06-29 21:57:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dennis Gregorovic 2003-06-10 09:09:47 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
<blockquote>
Since WEB-INF/resources/enterprise.init contains your database username
and password, doesn't it make sense to 

  chmod 0600, $app_home . 'dist/WEB-INF/resources/enterprise.init

during configure.pl?  People should probably take care of their own
system.conf, but shouldn't the default be to keep enterprise.init
safe from other users?  Or is there an implied assumption that only
administrators are going to be on a CCM app server?  I guess I'd
have to double check what 'chmod' does a Windoze box.

Thanks for any comments on this one.

- edan
</blockquote>

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.ls -l /var/www/ccm-core/dist/WEB-INF/resources/enterprise.init
2.
3.
    

Additional info:
Comment 1 Daniel Berrange 2003-06-11 04:26:08 EDT
Since it needs to be readable by the servlet, we must also 'chown' it to the
user & group that the servlet runs under. Of course you can only run 'chown' on
the file if the user running 'XXX-configure.pl' is 'root'. If they are not root,
then I guess we should assume that the servlet will not be running under a
dedicated user account & just skip the chown step.
Comment 2 Dennis Gregorovic 2003-06-29 21:57:42 EDT
implemented at ccm-scripts 1.3.6 (p4 changelist 33007)

Note You need to log in before you can comment on or make changes to this bug.