Bug 97102 - enterprise.init should be chmod to 0600
Summary: enterprise.init should be chmod to 0600
Alias: None
Product: Red Hat Web Application Framework
Classification: Retired
Component: dev environment (Show other bugs)
(Show other bugs)
Version: nightly
Hardware: All Linux
Target Milestone: ---
Assignee: Dennis Gregorovic
QA Contact: Jon Orris
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2003-06-10 13:09 UTC by Dennis Gregorovic
Modified: 2007-04-18 16:54 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-30 01:57:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Dennis Gregorovic 2003-06-10 13:09:47 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Since WEB-INF/resources/enterprise.init contains your database username
and password, doesn't it make sense to 

  chmod 0600, $app_home . 'dist/WEB-INF/resources/enterprise.init

during configure.pl?  People should probably take care of their own
system.conf, but shouldn't the default be to keep enterprise.init
safe from other users?  Or is there an implied assumption that only
administrators are going to be on a CCM app server?  I guess I'd
have to double check what 'chmod' does a Windoze box.

Thanks for any comments on this one.

- edan

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.ls -l /var/www/ccm-core/dist/WEB-INF/resources/enterprise.init

Additional info:

Comment 1 Daniel Berrange 2003-06-11 08:26:08 UTC
Since it needs to be readable by the servlet, we must also 'chown' it to the
user & group that the servlet runs under. Of course you can only run 'chown' on
the file if the user running 'XXX-configure.pl' is 'root'. If they are not root,
then I guess we should assume that the servlet will not be running under a
dedicated user account & just skip the chown step.

Comment 2 Dennis Gregorovic 2003-06-30 01:57:42 UTC
implemented at ccm-scripts 1.3.6 (p4 changelist 33007)

Note You need to log in before you can comment on or make changes to this bug.