MAAS

Merge lp:~jtv/maas/pkg-bug-1059485 into lp:~maas-maintainers/maas/packaging

  1. pkg-bug-1059485
  2. Merge into packaging
Proposed by Jeroen T. Vermeulen
Status: Merged
Approved by: Jeroen T. Vermeulen
Approved revision: no longer in the source branch.
Merged at revision: 107
Proposed branch: lp:~jtv/maas/pkg-bug-1059485
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 15 lines (+5/-0)
1 file modified
debian/maas-region-controller.postinst (+5/-0)
To merge this branch: bzr merge lp:~jtv/maas/pkg-bug-1059485
Reviewer Review Type Date Requested Status
Julian Edwards (community) Approve
Review via email: mp+127234@code.launchpad.net

This proposal supersedes a proposal from 2012-10-01.

Commit message

Make maas_local_celery_config.py non-readable to the world at large; it contains RabbitMQ credentials. The "maas" group (under which the application should run) can still read it. Only root can write it.

Description of the change

Pre-imped by means of a quick sanity check on IRC. Discovered in the process that we were accidentally running the region worker as root. Julian is fixing that.

Jeroen

To post a comment you must log in.
Revision history for this message
Julian Edwards (julian-edwards) wrote : Posted in a previous version of this proposal

wrong target branch!

review: Needs Resubmitting
Revision history for this message
Julian Edwards (julian-edwards) :
review: Approve
Revision history for this message
Julian Edwards (julian-edwards) wrote :

Oh actually this is the wrong file
You want /etc/maas/maas_local_celeryconfig_cluster.py

review: Needs Fixing
Revision history for this message
Julian Edwards (julian-edwards) wrote :

Argh no it's not.

review: Approve
Revision history for this message
Raphaƫl Badin (rvb) wrote :

/etc/maas/maas_local_celeryconfig_cluster.py contains the cluster UUID with is used as a key to identify the cluster controller so I think we should do the same to /etc/maas/maas_local_celeryconfig_cluster.py.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/maas-region-controller.postinst'
2--- debian/maas-region-controller.postinst 2012-09-28 21:06:45 +0000
3+++ debian/maas-region-controller.postinst 2012-10-01 10:49:34 +0000
4@@ -137,6 +137,11 @@
5 mkdir -p /var/lib/maas/media/storage
6 chown -R maas:maas /var/lib/maas/
7
8+ # Local celery config may contain credentials, so should be readable
9+ # by the application but nobody else.
10+ chown root:maas /etc/maas/maas_local_celeryconfig.py
11+ chmod 0640 /etc/maas/maas_local_celeryconfig.py
12+
13 #########################################################
14 ################ Configure Apache2 ####################
15 #########################################################

Subscribers

People subscribed via source and target branches