Reputation: 8447
I'm playing around with Juju and OpenStack and I installed Keystone Identity service on one of the nodes. SSH-ing into the machine I noticed that the permissions of the configuration file /etc/keystone/keystone.conf are 644 (rw-r--r--), which means it is readable by any user on the system.
Keeping in mind that this file contains the MySQL username and password, wouldn't it be right for the file to be readable only by the keystone user?
Note that I've tried installing using both Juju and by hand using a fresh Ubuntu 14.04 with the same results.
Edit: Forgot to mention that OpenStack documentation doesn't mention anything about permissions in its docs.
Upvotes: 0
Views: 537
Reputation: 9979
I don't think any other OpenStack services use keystone.conf. So you may change ownership to keystone and change permission so that only keystone can read.
chown keystone:keystone /etc/keystone/keystone.conf
chmod 600 /etc/keystone/keystone.conf
Upvotes: 0
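The check and fix discussed in this thread, written as a small audit script. This is an added example, not part of the original posts or of any OpenStack or Juju tooling; the function names are hypothetical and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a config file that holds
# database credentials. Function names are hypothetical; assumes GNU stat.
# Usage (as root): sh audit_conf.sh /etc/keystone/keystone.conf keystone

# Print the octal permission bits of a file, e.g. 644.
file_mode() {
    stat -c '%a' "$1"
}

# Return 0 when group and other have no access bits, 1 when they do,
# 2 when the file cannot be inspected.
is_owner_only() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;   # 600, 400, 700, ... or 000 (printed as "0")
        *)     return 1 ;;   # 644, 640, 604, ...
    esac
}

# Restrict the file to its owner. Ownership is changed only when a
# service account name is given, since chown requires root.
harden_conf() {
    file=$1
    owner=$2
    if [ -n "$owner" ]; then
        chown "$owner:$owner" "$file" || return 1
    fi
    chmod 600 "$file"
}

# Run only when a file argument is supplied on the command line.
if [ "$#" -ge 1 ]; then
    if is_owner_only "$1"; then
        echo "OK: $1 is mode $(file_mode "$1")"
    else
        echo "WARN: $1 is mode $(file_mode "$1"); restricting to owner"
        harden_conf "$1" "${2:-}" && echo "now mode $(file_mode "$1")"
    fi
fi
```

If the file was world-readable on a host with other local accounts, treat the database password in it as exposed and rotate it after tightening the mode.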