Re: [openstack-dev] [puppet][swift] Applying security recommendations within puppet-swift
I think we should follow bug 1458915 principles and remove any POSIX user/group control. So all modules are consistent among which other This hardening actions should be reported to specific package mantainers. On Wed, Sep 23, 2015 at 6:10 PM, Alex Schultz wrote: > On Wed, Sep 23, 2015 at 2:32 PM, Alex Schultz > wrote: > > Hey all, > > > > So as part of the Puppet mid-cycle, we did bug triage. One of the > > bugs that was looked into was bug 1289631[0]. This bug is about > > applying the recommendations from the security guide[1] within the > > puppet-swift module. So I'm sending a note out to get other feedback > > on if this is a good idea or not. Should we be applying this type of > > security items within the puppet modules by default? Should we make > > this optional? Thoughts? > > > > > > Thanks, > > -Alex > > > > > > [0] https://bugs.launchpad.net/puppet-swift/+bug/1289631 > > [1] > http://docs.openstack.org/security-guide/object-storage.html#securing-services-general > > Also for the puppet side of this conversation, the change for the > security items[0] also seems to conflict with bug 1458915[1] which is > about removing the posix users/groups/file modes. So which direction > should we go? > > [0] https://review.openstack.org/#/c/219883/ > [1] https://bugs.launchpad.net/puppet-swift/+bug/1458915 > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- *guilherme* \n \t *maluf* __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [puppet][swift] Applying security recommendations within puppet-swift
On Wed, Sep 23, 2015 at 2:32 PM, Alex Schultz wrote: > Hey all, > > So as part of the Puppet mid-cycle, we did bug triage. One of the > bugs that was looked into was bug 1289631[0]. This bug is about > applying the recommendations from the security guide[1] within the > puppet-swift module. So I'm sending a note out to get other feedback > on if this is a good idea or not. Should we be applying this type of > security items within the puppet modules by default? Should we make > this optional? Thoughts? > > > Thanks, > -Alex > > > [0] https://bugs.launchpad.net/puppet-swift/+bug/1289631 > [1] > http://docs.openstack.org/security-guide/object-storage.html#securing-services-general Also for the puppet side of this conversation, the change for the security items[0] also seems to conflict with bug 1458915[1] which is about removing the posix users/groups/file modes. So which direction should we go? [0] https://review.openstack.org/#/c/219883/ [1] https://bugs.launchpad.net/puppet-swift/+bug/1458915 __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [puppet][swift] Applying security recommendations within puppet-swift
Hey all, So as part of the Puppet mid-cycle, we did bug triage. One of the bugs that was looked into was bug 1289631[0]. This bug is about applying the recommendations from the security guide[1] within the puppet-swift module. So I'm sending a note out to get other feedback on if this is a good idea or not. Should we be applying this type of security items within the puppet modules by default? Should we make this optional? Thoughts? Thanks, -Alex [0] https://bugs.launchpad.net/puppet-swift/+bug/1289631 [1] http://docs.openstack.org/security-guide/object-storage.html#securing-services-general __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev