File permissions of ca/CS.cfg differ if random serial numbers are enabled #4906

Open
flo-renaud opened this issue Nov 25, 2024 · 0 comments

The installation of an IPA server with / without random serial numbers creates the file /var/lib/pki/pki-tomcat/conf/ca/CS.cfg with different file permissions:

  • if random serial numbers are enabled: -rw-rw-r--. 1 pkiuser pkiuser 64262 Nov 25 11:07 /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
  • if sequential serial numbers are used: -rw-rw----. 1 pkiuser pkiuser 66148 Nov 25 11:00 /var/lib/pki/pki-tomcat/conf/ca/CS.cfg

This difference triggers an ipa-healthcheck warning when the IPA server is installed with RSNv3:

  {
    "source": "ipahealthcheck.ipa.files",
    "check": "TomcatFileCheck",
    "result": "WARNING",
    "uuid": "2c476ea0-2469-4162-b572-be442c069c1d",
    "when": "20241125160214Z",
    "duration": "0.001460",
    "kw": {
      "key": "_var_lib_pki_pki-tomcat_conf_ca_CS.cfg_mode",
      "path": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg",
      "type": "mode",
      "expected": "0660",
      "got": "0664",
      "msg": "Permissions of /var/lib/pki/pki-tomcat/conf/ca/CS.cfg are too permissive: 0664 and should be 0660"
    }
  }

Reproduced with the following packages on Fedora 41:
dogtag-pki-server-11.5.0-3.fc41.2.noarch
freeipa-server-4.12.2-4.fc41.x86_64
freeipa-healthcheck-0.17-4.fc41.noarch
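
A triage helper for findings like the one above, as an added example that is not part of the original issue or of ipa-healthcheck: it reads ipa-healthcheck JSON results (assumed here to be a list of result objects), names the permission bits that exceed the expected mode, and can re-check the live file. The function names and the sample report are constructed for illustration.

```python
import json
import os
import stat

# Constructed sample: the finding quoted in this issue, wrapped in a list
# (assumed shape of the JSON emitted by ipa-healthcheck).
SAMPLE_REPORT = """[{
  "source": "ipahealthcheck.ipa.files",
  "check": "TomcatFileCheck",
  "result": "WARNING",
  "kw": {
    "path": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg",
    "type": "mode",
    "expected": "0660",
    "got": "0664"
  }
}]"""

WHO = ("owner", "group", "other")
WHAT = ("read", "write", "exec")

def excess_bits(expected, got):
    """Names of bits set in `got` but absent from `expected` (octal strings)."""
    extra = int(got, 8) & ~int(expected, 8)
    # Walk the nine rwx bits from owner-read (0o400) down to other-exec (0o001).
    return [f"{WHO[i // 3]}-{WHAT[i % 3]}" for i in range(9) if extra & (0o400 >> i)]

def mode_findings(report_json):
    """Return (path, expected, got, excess) for each non-SUCCESS mode finding."""
    findings = []
    for item in json.loads(report_json):
        kw = item.get("kw", {})
        if item.get("result") == "SUCCESS" or kw.get("type") != "mode":
            continue
        findings.append((kw["path"], kw["expected"], kw["got"],
                         excess_bits(kw["expected"], kw["got"])))
    return findings

def on_disk_excess(path, expected):
    """Re-check the live file: excess bits of its current mode vs. `expected`."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    return excess_bits(expected, format(current, "04o"))

if __name__ == "__main__":
    for path, expected, got, excess in mode_findings(SAMPLE_REPORT):
        print(f"{path}: expected {expected}, got {got}, excess: {', '.join(excess)}")
```

For the finding in this issue the only excess bit is other-read, meaning any local account can read CS.cfg.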
