brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-46) Files created by persistence mechanism should not be readable by other users
Date Wed, 13 Aug 2014 18:04:12 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-46?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095821#comment-14095821
] 

ASF GitHub Bot commented on BROOKLYN-46:
----------------------------------------

Github user neykov commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/114#issuecomment-52086296
  
    @aledsage The code fails as expected on Windows and is logged only once. I would consider
fencing the call with isWindows() check to avoid it in the first place - it looks like an
error state to the user but is the expected behaviour.


> Files created by persistence mechanism should not be readable by other users
> ----------------------------------------------------------------------------
>
>                 Key: BROOKLYN-46
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-46
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Sam Corbett
>            Assignee: Aled Sage
>
> Originally reported at: https://github.com/brooklyncentral/brooklyn/issues/1240
> Files containing persisted state have permissions 644. Files containing persisted locations
contain private key data. Other users should not be able to read this data. We should follow
ssh's practice and restrict access to the user that owns the private key.
> {code}
> $ su otheruser
> $ ls -l /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations
> total 112
> -rw-r--r--  1 sam  staff  2319 10 Mar 10:38 BhIXCfBt
> -rw-r--r--  1 sam  staff  2317 10 Mar 10:38 FktCwLnX
> ...
> $ cat /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations/BhIXCfBt 
> <location>
>   <brooklynVersion>0.7.0-SNAPSHOT</brooklynVersion>
>   <type>brooklyn.location.basic.SshMachineLocation</type>
>   <id>BhIXCfBt</id>
>   <displayName>SshMachineLocation:BhIX</displayName>
>   <children/>
>   <locationConfig>
>     <longitude type="double">-77.48750305175781</longitude>
>     <port type="int">22</port>
>     <latitude type="double">39.043701171875</latitude>
>     <user>sam</user>
>     <privateKeyData>-----BEGIN RSA PRIVATE KEY-----
>     ... :-(
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message