Remove readable permissions for "other"

Services installed by os-svc-install tend to have sensitive information
in their config directory, which shouldn't be world readable. This commit
sets appropriate permissions on the config directory in os-svc-install.

Before this commit suitable permissions were set on the nova and heat
config directories but keystone and glance were readable without any
specific permissions.

Change-Id: I9d7a1e38742f0eb2fb02bbfc10ac22a195a46f36
Derek Higgins 2013-10-09 17:42:27 +01:00
parent 4a7dd40572
commit 3a154d785f
3 changed files with 1 additions and 4 deletions


@ -10,4 +10,3 @@ echo "qpid-python" | tee -a /opt/stack/heat/requirements.txt
os-svc-install -n heat -u heat -r /opt/stack/heat
install -d -m 0770 -o root -g heat /var/log/heat
install -d -m 0750 -o root -g heat /etc/heat


@ -7,7 +7,6 @@ mkdir -p /var/run/nova/keys && chown -R nova:nova /var/run/nova/keys
mkdir -p /var/lib/nova && chown -R nova:nova /var/lib/nova
install -d -m 0750 -o nova -g nova /var/lib/nova/instances
install -d -m 0750 -o nova -g nova /etc/nova
cp -a /opt/stack/nova/etc/nova/rootwrap* /etc/nova
ln -sf /opt/stack/venvs/nova/bin/nova-rootwrap /usr/local/bin/nova-rootwrap


@ -53,8 +53,7 @@ function install-os-service() {
id $user || useradd $user --system -d /var/run/$user -s /bin/false
mkdir -p /etc/$user
chown -R $user:$user /etc/$user
install -d -m 0750 -o $user -g $user /etc/$user
local svc_root=/opt/stack/$user
local git_dir="--git-dir $svc_root/.git"
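Review bot: The `install -d -m 0750 -o $user -g $user /etc/$user` line makes the service account the owner of its own config directory, so a compromised service process could rewrite or replace its configuration; the heat element appears to have used `-o root -g heat` for /etc/heat before this commit, which the generic line loosens. If no installed service has to write under /etc/$user, `install -d -m 0750 -o root -g "$user" "/etc/$user"` keeps the directory readable by the service group but owned by root. `install -d` also applies owner and mode only to the directory itself, so files already present keep their previous owner and mode, which deserves a comment on that line. Which lines are added or removed is inferred from the page's change counts, since the +/- markers are not shown, and install-os-service continues outside the hunk.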