Public bug reported:

Current Behavior
---------------
With recent releases, netplan started complaining:
```
Permissions for /etc/netplan/10-somehost.yaml are too open. Netplan
configuration should NOT be accessible by others
```
While I understand that in most cases 'others' should not be able to write to
this file, I think for the simple default case (wired node, no WLAN, no
Wireguard, no 802.1x, e.g. no secrets), it's OK that this file is readable for
all logged-in users. This makes server administration much easier (e.g. all
network configuration visible in one place). Avoiding the warning puts less
clutter in the logs.

Expected Behavior
---------------
Set default behavior to silence the message. Maybe write a log message if it is
world writable.
Any opinions? If I get some upvotes, I'll prepare a PR.
There are security scanners (e.g. UBUNTU22-CIS) that check for permissions on
this file; they could trigger a warning, but IMHO not libnetplan itself. Other
packages don't complain about it either (e.g. vipw doesn't care if /etc/shadow is
world readable).
So I'd call this unexpected/unusual behavior that harms the "one tool for one
problem" principle (here: configure network interfaces, not scan for potential
security issues).
Release: Current Ubuntu 24.04.3 LTS
Netplan: 1.1.2-2~ubuntu24.04.2
** Affects: netplan.io (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2130613
Title:
Netplan: Silence warning if YAML is world readable
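An added example, not part of the bug report and not netplan's own code: a Python audit that applies the distinction the report discusses, rating a netplan file writable by others as critical and one readable by others as a finding only when it holds secret-like keys. The key list in `SECRET_KEY` and the severity names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit netplan YAML permissions: world-readable vs. world-writable."""
import os
import re
import stat
import sys
from pathlib import Path

# Heuristic assumed for this example (not netplan's logic): YAML keys that
# usually carry secrets, e.g. Wi-Fi/802.1x passwords and WireGuard keys.
SECRET_KEY = re.compile(
    r"^\s*(password|client-key-password|private|shared|key)\s*:\s*\S", re.M)


def classify(path):
    """Return (severity, reason) for one netplan file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    other_r = bool(mode & stat.S_IROTH)
    other_w = bool(mode & stat.S_IWOTH)
    text = Path(path).read_text(errors="replace")
    has_secret = bool(SECRET_KEY.search(text))
    if other_w:
        # Any local user could change the network configuration.
        return "critical", f"mode {mode:04o}: writable by others"
    if other_r and has_secret:
        return "high", f"mode {mode:04o}: readable by others, secret-like keys present"
    if other_r:
        return "info", f"mode {mode:04o}: readable by others, no secret-like keys found"
    return "ok", f"mode {mode:04o}"


def audit(directory="/etc/netplan"):
    """Classify every *.yaml file in the given directory."""
    return {str(p): classify(p) for p in sorted(Path(directory).glob("*.yaml"))}


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else "/etc/netplan")
    for path, (severity, reason) in results.items():
        print(f"{severity:8} {path}: {reason}")
    # Non-zero exit only for findings that need action.
    bad = any(s in ("critical", "high") for s, _ in results.values())
    sys.exit(1 if bad else 0)
```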