
launchpad-reviewers team mailing list archive

[Merge] lp:~jtv/maas/pkg-bug-1089802 into lp:~maas-maintainers/maas/packaging

 

Jeroen T. Vermeulen has proposed merging lp:~jtv/maas/pkg-bug-1089802 into lp:~maas-maintainers/maas/packaging.

Commit message:
Make maas_cluster.conf non-world-readable, now that it contains the cluster UUID.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1089802 in MAAS: "maas_cluster.conf is world-readable, but now holds cluster uuid"
  https://bugs.launchpad.net/maas/+bug/1089802

For more details, see:
https://code.launchpad.net/~jtv/maas/pkg-bug-1089802/+merge/139645

We like to keep the cluster uuid confidential.  But now that it's been duplicated into maas_cluster.conf, it is exposed to anyone with filesystem access on the cluster controller.  This branch fixes that.
-- 
https://code.launchpad.net/~jtv/maas/pkg-bug-1089802/+merge/139645
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~jtv/maas/pkg-bug-1089802 into lp:~maas-maintainers/maas/packaging.
=== modified file 'debian/maas-cluster-controller.postinst'
--- debian/maas-cluster-controller.postinst	2012-12-12 17:44:39 +0000
+++ debian/maas-cluster-controller.postinst	2012-12-13 10:05:10 +0000
@@ -70,10 +70,14 @@
     # logging
     create_log_dir
 
-    # The local celery config may contain a private cluster UUID.  Only
-    # maas can read it; only root can write it.
-    chown root:maas /etc/maas/maas_local_celeryconfig_cluster.py
-    chmod 0640 /etc/maas/maas_local_celeryconfig_cluster.py
+    # These config files may contain a private cluster UUID.  Only maas
+    # can read them; only root can write them
+    chown root:maas \
+        /etc/maas/maas_local_celeryconfig_cluster.py \
+        /etc/maas/maas_cluster.conf
+    chmod 0640 \
+        /etc/maas/maas_local_celeryconfig_cluster.py \
+        /etc/maas/maas_cluster.conf
 
     configure_maas_tgt
 fi
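
Review bot: The added chown/chmod on /etc/maas/maas_cluster.conf only tightens the file after it already exists, so whatever first writes the UUID into it may leave it world-readable under the default umask until this block runs. Consider having the code that writes the file set ownership and mode at creation time (a restrictive umask, or install -o root -g maas -m 0640), and keep this block as the fix-up for existing installs. Both commands now take two paths, so a missing maas_cluster.conf makes them exit non-zero; if this postinst runs under set -e that would abort configuration, so it is worth confirming the file is always present at this point. Minor: the new comment drops the final period after "only root can write them".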

