Petals ESB CLI

The default preference file should be readable only by users member of group 'petals'

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 2.2.0
  • Fix Version/s: 2.3.0
  • Component/s: Debian Pack
  • Security Level: Public
  • Description:
    Hide

    To increase security, the default preference file '/etc/petals-cli/petals-cli.default'' should not be readable by all users. It should be readable only by users member of a given group.

    By default, the group 'petals' will be used to protect the preference file. If needed, the group can be changed.

    Note: If the user running Petals CLI is not a member of this group, a warning will be displayed if the mode 'Console' is used:

    user@host> petals-cli -C
ERROR: Your are not granted to access the configuration file '/etc/petals-cli/petals-cli.default'.

user@host>
    Show
    To increase security, the default preference file '/etc/petals-cli/petals-cli.default'' should not be readable by all users. It should be readable only by users member of a given group. By default, the group 'petals' will be used to protect the preference file. If needed, the group can be changed. Note: If the user running Petals CLI is not a member of this group, a warning will be displayed if the mode 'Console' is used: 
    user@host> petals-cli -C
ERROR: Your are not granted to access the configuration file '/etc/petals-cli/petals-cli.default'.

user@host>
  • Environment:
    -

Issue Links

Depends
 

Activity

Ascending order - Click to sort in descending order
Christophe DENEUX made changes - Thu, 28 Jan 2016 - 14:57:36 +0100
Field Original Value New Value
Link This issue blocks PETALSDISTRIB-221 [ PETALSDISTRIB-221 ]
Christophe DENEUX made changes - Thu, 28 Jan 2016 - 14:59:19 +0100
Status New [ 10000 ] Open [ 10002 ]
Priority Major [ 3 ]
Christophe DENEUX made changes - Thu, 28 Jan 2016 - 14:59:22 +0100
Status Open [ 10002 ] In Progress [ 10003 ]
Christophe DENEUX made changes - Thu, 28 Jan 2016 - 15:35:18 +0100
Description To increase security, the default preference file '{{/etc/petals-cli/petals-cli.default}}'' should not be readable by all users. It should be readable only by users member of a given group.

By default, the group '{{petals}}' will be used to protect the preference file. If needed, the group can be changed.

Note: If the user running Petals CLI is not a member of this group, a warning will be displayed if the mode '{{Console}}' is used:
{code}
user@host> petals-cli -C
WARNING: Your are not granted to access the default configuration file: ...
petals-cli>
{code}
To increase security, the default preference file '{{/etc/petals-cli/petals-cli.default}}'' should not be readable by all users. It should be readable only by users member of a given group.

By default, the group '{{petals}}' will be used to protect the preference file. If needed, the group can be changed.

Note: If the user running Petals CLI is not a member of this group, a warning will be displayed if the mode '{{Console}}' is used:
{code}
user@host> petals-cli -C
ERROR: Your are not granted to access the configuration file '/etc/petals-cli/petals-cli.default'.

user@host>
{code}
Hide
Permalink
Christophe DENEUX added a comment - Thu, 28 Jan 2016 - 16:28:44 +0100

Now, default ACL of the preference file are:

-rw-r----- 1 root petals 1098 janv. 28 15:33 petals-cli.default
Show
Christophe DENEUX added a comment - Thu, 28 Jan 2016 - 16:28:44 +0100 Now, default ACL of the preference file are: 
-rw-r----- 1 root petals 1098 janv. 28 15:33 petals-cli.default
Christophe DENEUX made changes - Thu, 28 Jan 2016 - 16:28:44 +0100
Status In Progress [ 10003 ] Resolved [ 10004 ]
Fix Version/s 2.3.0 [ 10605 ]
Resolution Fixed [ 1 ]
Transition Status Change Time Execution Times Last Executer Last Execution Date
New New Open Open
2m 5s
1
Christophe DENEUX
Thu, 28 Jan 2016 - 14:59:19 +0100
Open Open In Progress In Progress
3s
1
Christophe DENEUX
Thu, 28 Jan 2016 - 14:59:22 +0100
In Progress In Progress Resolved Resolved
1h 29m
1
Christophe DENEUX
Thu, 28 Jan 2016 - 16:28:44 +0100

People

Dates

  • Created:
    Thu, 28 Jan 2016 - 14:57:14 +0100
    Updated:
    Thu, 28 Jan 2016 - 16:28:44 +0100
    Resolved:
    Thu, 28 Jan 2016 - 16:28:44 +0100
Atlassian JIRA (v4.1.2#531) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for Petals ESB. Try JIRA - bug tracking software for your team.