Remove readable permissions for "other"
Services installed by os-svc-install tend to have sensitive information in their config directory, which shouldn't be world-readable. This commit sets appropriate permissions on the config directory in os-svc-install. Before this commit, suitable permissions were set on the nova and heat config directories, but keystone and glance were readable, with no specific permissions set. Change-Id: I9d7a1e38742f0eb2fb02bbfc10ac22a195a46f36
parent
4a7dd40572
commit
3a154d785f
|
@ -10,4 +10,3 @@ echo "qpid-python" | tee -a /opt/stack/heat/requirements.txt
|
|||
os-svc-install -n heat -u heat -r /opt/stack/heat
|
||||
|
||||
install -d -m 0770 -o root -g heat /var/log/heat
|
||||
install -d -m 0750 -o root -g heat /etc/heat
|
||||
|
|
|
@ -7,7 +7,6 @@ mkdir -p /var/run/nova/keys && chown -R nova:nova /var/run/nova/keys
|
|||
mkdir -p /var/lib/nova && chown -R nova:nova /var/lib/nova
|
||||
install -d -m 0750 -o nova -g nova /var/lib/nova/instances
|
||||
|
||||
install -d -m 0750 -o nova -g nova /etc/nova
|
||||
cp -a /opt/stack/nova/etc/nova/rootwrap* /etc/nova
|
||||
|
||||
ln -sf /opt/stack/venvs/nova/bin/nova-rootwrap /usr/local/bin/nova-rootwrap
|
||||
|
|
|
@ -53,8 +53,7 @@ function install-os-service() {
|
|||
|
||||
id $user || useradd $user --system -d /var/run/$user -s /bin/false
|
||||
|
||||
mkdir -p /etc/$user
|
||||
chown -R $user:$user /etc/$user
|
||||
install -d -m 0750 -o $user -g $user /etc/$user
|
||||
|
||||
local svc_root=/opt/stack/$user
|
||||
local git_dir="--git-dir $svc_root/.git"
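Review bot: The `install -d -m 0750 -o $user -g $user /etc/$user` line in install-os-service makes each service account the owner of its own config directory, and unlike the `chown -R` it appears to replace, it sets owner and mode on the directory only, not on files already inside it. For heat this looks like a loosening of what the per-service script had (`-o root -g heat`, readable but not writable by the service), and for nova it leaves the rootwrap files copied into /etc/nova inside a directory the nova user can write to. Consider `install -d -m 0750 -o root -g "$user" "/etc/$user"` so the service can read its configuration but not replace it, and quote the expansions in any case. The page has lost its `+`/`-` markers, so which lines are added or removed is inferred from the hunk counts and the commit message; the function body continues outside this hunk.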
|
||||
|
|