yahoo-eng-team team mailing list archive

[Scott Moser <smoser@xxxxxxxxxx>]

Fixed in 721348a622a660b65acfdf7fdf53203b47f80748

** Changed in: cloud-init
   Importance: Undecided => Medium

** Changed in: cloud-init
       Status: New => Fix Committed

** Changed in: cloud-init
     Assignee: (unassigned) => Lars Kellogg-Stedman (larsks)

** Also affects: cloud-init (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Changed in: cloud-init (Ubuntu Artful)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

          lines = [str(l) for l in new_lines]
          util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions