Jeroen T. Vermeulen has proposed merging lp:~jtv/maas/pkg-bug-1060095 into lp:~maas-maintainers/maas/packaging.
Commit message: Make maas_local_settings readable only to root & maas. Requested reviews: Launchpad code reviewers (launchpad-reviewers) Related bugs: Bug #1060095 in MAAS: "Database password in maas_local_settings.py is world-readable" https://bugs.launchpad.net/maas/+bug/1060095 For more details, see: https://code.launchpad.net/~jtv/maas/pkg-bug-1060095/+merge/127451 As discussed with Raphael. This file should be private. Only the installation process has legitimate reason to write to it, and root aside, only maas has a legitimate reason to read from it. Jeroen -- https://code.launchpad.net/~jtv/maas/pkg-bug-1060095/+merge/127451 Your team Launchpad code reviewers is requested to review the proposed merge of lp:~jtv/maas/pkg-bug-1060095 into lp:~maas-maintainers/maas/packaging.
=== modified file 'debian/maas-region-controller.postinst' --- debian/maas-region-controller.postinst 2012-10-01 10:35:56 +0000 +++ debian/maas-region-controller.postinst 2012-10-02 10:25:25 +0000 @@ -137,10 +137,14 @@ mkdir -p /var/lib/maas/media/storage chown -R maas:maas /var/lib/maas/ - # Local celery config may contain credentials, so should be readable + # Config will contain credentials, so should be readable # by the application but nobody else. - chown root:maas /etc/maas/maas_local_celeryconfig.py - chmod 0640 /etc/maas/maas_local_celeryconfig.py + chown root:maas \ + /etc/maas/maas_local_celeryconfig.py \ + /etc/maas/maas_local_settings + chmod 0640 \ + /etc/maas/maas_local_celeryconfig.py \ + /etc/maas/maas_local_settings ######################################################### ################ Configure Apache2 ####################
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp
