So these pem files are just the public CA certificate cert to the private cluster. There's no private key in there.
-----Original Message----- From: Russ Auld [mailto:russa...@comcast.net] Sent: Monday, May 01, 2017 8:05 AM To: xCAT Users Mailing list Subject: Re: [xcat-user] Pem files are world readable on imaged node On further inspection, these PEM files are being copied to the nodes from the MASTER node when they are provisioned. The PEM files aren't owned by any package - I'll assume that they are created during the installation of xCAT. Is it safe to lock these files down to mode 0600? /install/postscripts/_xcat/ca.pem /install/postscripts/ca/ca-cert.pem -Russ On Thu, 2017-04-27 at 10:23 -0400, Russell Auld wrote: > I just noticed that there are two world-readable pem files in > /xcatpost after a diskfull image of a node. > Shouldn't those files be restricted or deleted? > > ------------------------------------------------------------------- > ----------- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > xCAT-user mailing list > xCAT-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xcat-user > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
