osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oslo][security] Are config files vetted for ownership/permissions?


When $service loads up a config file like /etc/nova/nova.conf via
oslo.config, is there anything that makes sure the dir and/or file are
owned by the process user/group and have appropriate permissions? E.g.
to prevent $hacker from modifying/replacing config opts and making
$service do horrible things to my system/cloud. (I'm less concerned with
$hacker seeing passwords etc., though I expect we would be accounting
for both or neither.)

efried
.