openstack
/
kolla-ansible
Code Issues Proposed changes
kolla-ansible/releasenotes/notes/fix-admin-openrc-ownership-...

20 lines
1009 B
YAML
Raw Blame History

---
security:
- |
The ``admin-openrc.sh`` file generated by ``kolla-ansible post-deploy`` was
previously created with ``root:root`` ownership and ``644`` permissions.
This would allow anyone with access to the same directory to read the file,
including the admin credentials. The ownership of ``admin-openrc.sh`` is
now set to the user executing ``kolla-ansible``, and the file is assigned a
mode of ``600``. This change can be applied by running ``kolla-ansible
post-deploy``.
fixes:
- |
The ``admin-openrc.sh`` file generated by ``kolla-ansible post-deploy`` was
previously created with ``root:root`` ownership and ``644`` permissions.
This would allow anyone with access to the same directory to read the file,
including the admin credentials. The ownership of ``admin-openrc.sh`` is
now set to the user executing ``kolla-ansible``, and the file is assigned a
mode of ``600``. This change can be applied by running ``kolla-ansible
post-deploy``.
View Git Blame Copy Permalink