>>> Tomas Jelinek <tojel...@redhat.com> schrieb am 23.04.2019 um 12:36 in Nachricht <f68313c6-9c5a-4835-44e8-274d71ab5...@redhat.com>: > The files are listed as ghost files in order to let rpm know they belong > to pcs but are not distributed in rpm packages. Those files are created > by pcsd in runtime. I guess the 000 permissions come from the fact those > files are not present in rpm packages.
My guess it's just bad packing: I have an RPM myself that introduces a %ghost, and it has permissions: %ghost %config(missingok) %verify(not md5 mtime size) %attr(0644,root,root) /etc/%{name}.conf Regards, Ulrich > > The real permissions you have look OK to me as long as /var/lib/pcsd has > 700. Files pcsd.cookiesecret, pcsd.crt and pcsd.key should not be > executable but it does not matter that much. We fixed it pcs‑0.9.165. > The fix doesn't change permissions of existing files, though. > > > Regards, > Tomas > > > Dne 19. 04. 19 v 21:20 Hayden,Robert napsal(a): >> Working through an audit and need to determine what the expected >> permissions are for the following files. >> >> [root@techval13]# rpm ‑V pcs >> >> .M....... c /var/lib/pcsd/pcs_settings.conf >> >> .M....... c /var/lib/pcsd/pcs_users.conf >> >> .M....... c /var/lib/pcsd/pcsd.cookiesecret >> >> .M....... c /var/lib/pcsd/pcsd.crt >> >> .M....... c /var/lib/pcsd/pcsd.key >> >> .M....... c /var/lib/pcsd/tokens >> >> Looking at the RPM spec, these appear to be ghost files with permissions >> set to 000 in the spec. >> >> [root@techval13]# rpm ‑q ‑‑dump pcs | grep /var/lib/pcsd/pcs_settings.conf >> >> /var/lib/pcsd/pcs_settings.conf 0 1541089158 >> 0000000000000000000000000000000000000000000000000000000000000000 0100000 >> root root 1 0 0 X >> >> Currently, the permissions after a normal installation are listed in the >> “first” column from my custom report output. The second column is the >> “expected” permissions from the RPM spec. >> >> 644 | 000 | /var/lib/pcsd/pcs_settings.conf | >> pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> 644 | 000 | /var/lib/pcsd/pcs_users.conf | pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> 700 | 000 | /var/lib/pcsd/pcsd.cookiesecret | >> pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> 700 | 000 | /var/lib/pcsd/pcsd.crt | pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> 700 | 000 | /var/lib/pcsd/pcsd.key | pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> 600 | 000 | /var/lib/pcsd/tokens | pcs‑0.9.165‑6.0.1.el7.x86_64 >> >> Any help or guidance would be greatly appreciated. >> >> >> Thanks >> >> Robert >> >> CONFIDENTIALITY NOTICE This message and any included attachments are >> from Cerner Corporation and are intended only for the addressee. The >> information contained in this message is confidential and may constitute >> inside or non‑public information under international, federal, or state >> securities laws. Unauthorized forwarding, printing, copying, >> distribution, or use of such information is strictly prohibited and may >> be unlawful. If you are not the addressee, please promptly delete this >> message and notify the sender of the delivery error by e‑mail or you may >> call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) >> (816)221‑1024. >> >> >> _______________________________________________ >> Manage your subscription: >> https://lists.clusterlabs.org/mailman/listinfo/users >> >> ClusterLabs home: https://www.clusterlabs.org/ >> > _______________________________________________ > Manage your subscription: > https://lists.clusterlabs.org/mailman/listinfo/users > > ClusterLabs home: https://www.clusterlabs.org/ _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/