[openstack-glance] remove world readable bit on sensitive glance config files
Pádraig Brady
pbrady at fedoraproject.org
Mon Jul 9 00:42:14 UTC 2012
commit 9287ebecbf87e7c3dc7b887f25cac724240588ce
Author: Pádraig Brady <P at draigBrady.com>
Date: Mon Jul 9 01:16:13 2012 +0100
remove world readable bit on sensitive glance config files
Many of these config files can contain passwords.
Note on RPM update, permissions of unmodified files will be updated,
however for modified config files, the permissions will only be
set on the rpmnew files.
openstack-glance.spec | 17 ++++++++---------
1 files changed, 8 insertions(+), 9 deletions(-)
---
diff --git a/openstack-glance.spec b/openstack-glance.spec
index 9e72967..86073f4 100644
--- a/openstack-glance.spec
+++ b/openstack-glance.spec
@@ -133,16 +133,15 @@ rm -f %{buildroot}/usr/share/doc/glance/README.rst
install -d -m 755 %{buildroot}%{_sharedstatedir}/glance/images
# Config file
-install -p -D -m 644 etc/glance-api.conf %{buildroot}%{_sysconfdir}/glance/glance-api.conf
-install -p -D -m 644 etc/glance-api-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-api-paste.ini
-# glance-registry.conf contains a db password
+install -p -D -m 640 etc/glance-api.conf %{buildroot}%{_sysconfdir}/glance/glance-api.conf
+install -p -D -m 640 etc/glance-api-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-api-paste.ini
install -p -D -m 640 etc/glance-registry.conf %{buildroot}%{_sysconfdir}/glance/glance-registry.conf
-install -p -D -m 644 etc/glance-registry-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-registry-paste.ini
-install -p -D -m 644 etc/glance-cache.conf %{buildroot}%{_sysconfdir}/glance/glance-cache.conf
-install -p -D -m 644 etc/glance-cache-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-cache-paste.ini
-install -p -D -m 644 etc/glance-scrubber.conf %{buildroot}%{_sysconfdir}/glance/glance-scrubber.conf
-install -p -D -m 644 etc/glance-scrubber-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-scrubber-paste.ini
-install -p -D -m 644 etc/policy.json %{buildroot}%{_sysconfdir}/glance/policy.json
+install -p -D -m 640 etc/glance-registry-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-registry-paste.ini
+install -p -D -m 640 etc/glance-cache.conf %{buildroot}%{_sysconfdir}/glance/glance-cache.conf
+install -p -D -m 640 etc/glance-cache-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-cache-paste.ini
+install -p -D -m 640 etc/glance-scrubber.conf %{buildroot}%{_sysconfdir}/glance/glance-scrubber.conf
+install -p -D -m 640 etc/glance-scrubber-paste.ini %{buildroot}%{_sysconfdir}/glance/glance-scrubber-paste.ini
+install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/glance/policy.json
# Initscripts
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/openstack-glance-api.service
More information about the scm-commits
mailing list