I'm playing around with Juju and OpenStack and I installed Keystone Identity service on one of the nodes. SSH-ing into the machine I noticed that the permissions of the configuration file /etc/keystone/keystone.conf are 644 (rw-r--r--) which means it is readable by any user on the system.

Keeping in mind that this file contains the MySQL username and password, wouldn't it be right for the file to be readable only by the keystone user?

Note that I've tried installing using both Juju and by hand using a fresh Ubuntu 14.04 with the same results.

Edit: Forgot to mention that OpenStack documentation doesn't mention anything about permissions in its docs.

s3v3n

1 Answer

I don't think any other OpenStack services use keystone.conf. So you may change the ownership to keystone and change the permissions so that only keystone can read it.

chown keystone:keystone /etc/keystone/keystone.conf

chmod 600 /etc/keystone/keystone.conf
Harikrishnan
  • Yes, I'm pretty sure it's the only service that's using this file. The question is more about isn't this in fact a bug and should be reported? I also wonder whether this type of bug is affecting other OpenStack services. – s3v3n Aug 18 '14 at 07:48
  • Yes, you may report this as a bug. I can also see other conf files like swift, glance with 644 permission. – Harikrishnan Aug 18 '14 at 08:33
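
A check for the situation discussed in this thread, as an added example that is not part of the original posts: it lists service config files that any local user can read and that contain a credential-looking line, and can strip the "other" permission bits from them. The function names, the service directory list (keystone, glance, swift, as named above) and the key patterns (`connection`, `*password`) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit service config files for world-readable permissions.
# Assumption: the directory list and key patterns below are illustrative only.

# Service config directories named in this thread, relative to a root (default /etc).
SERVICES="keystone glance swift"

# Print every *.conf under ROOT/<service> whose mode grants read to "other"
# and which contains a line that looks like a credential setting.
find_exposed_confs() {
    root="${1:-/etc}"
    for svc in $SERVICES; do
        [ -d "$root/$svc" ] || continue
        # -perm -004 matches files with the other-read bit set (e.g. 644).
        find "$root/$svc" -type f -name '*.conf' -perm -004 -print |
        while IFS= read -r f; do
            if grep -Eiq '^[[:space:]]*(connection|[a-z_]*password)[[:space:]]*=' "$f"; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Remove all "other" access from each exposed file (644 becomes 640).
# Ownership is left untouched: chown to the service account needs root
# and is shown in the answer above.
lock_down_confs() {
    find_exposed_confs "${1:-/etc}" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'fixed %s\n' "$f"
    done
}

# Stand-alone use: ./audit.sh /etc        (report only)
#                  ./audit.sh /etc --fix  (report and remove other access)
if [ "$#" -gt 0 ]; then
    if [ "${2:-}" = "--fix" ]; then
        lock_down_confs "$1"
    else
        find_exposed_confs "$1"
    fi
fi
```

The report-only mode is safe to run as an unprivileged user, since a file that user can read through the "other" bits is exactly what is being looked for.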