Project

Profile

Help

Issue #1833

Updated by rbarlow almost 8 years ago

The Node certificate is installed 
 world-readable: 

 <pre> 
 $ ls -lah /etc/pki/pulp/nodes/ 
 total 4.0K 
 drwxr-xr-x. 2 root root 21 Apr 8 16:37 . 
 drwxr-xr-x. 4 root root 90 Apr 8 16:37 .. 
 -rw-r--r--. 1 root root 3.2K Apr 8 16:37 node.crt 
 </pre> 

 The fix adjusts the generation script to limit the permissions 
 to 0640, and to adjust the group ownership to the apache group. It 
 also uses the -Z flag on the mv command to ensure the correct 
 SELinux context is used on the installed file. 

 Credit also goes to Jeremy Cline (Red Hat) for independently 
 discovering and reporting this issue.

Back