<div dir="ltr">I think we should follow bug 1458915 principles and remove any POSIX user/group control. So all modules are consistent among which other<br>This hardening actions should be reported to specific package mantainers.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 23, 2015 at 6:10 PM, Alex Schultz <span dir="ltr"><<a href="mailto:aschultz@mirantis.com" target="_blank">aschultz@mirantis.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, Sep 23, 2015 at 2:32 PM, Alex Schultz <<a href="mailto:aschultz@mirantis.com">aschultz@mirantis.com</a>> wrote:<br>
> Hey all,<br>
><br>
> So as part of the Puppet mid-cycle, we did bug triage.  One of the<br>
> bugs that was looked into was bug 1289631[0].  This bug is about<br>
> applying the recommendations from the security guide[1] within the<br>
> puppet-swift module.  So I'm sending a note out to get other feedback<br>
> on if this is a good idea or not.  Should we be applying this type of<br>
> security items within the puppet modules by default? Should we make<br>
> this optional?  Thoughts?<br>
><br>
><br>
> Thanks,<br>
> -Alex<br>
><br>
><br>
> [0] <a href="https://bugs.launchpad.net/puppet-swift/+bug/1289631" rel="noreferrer" target="_blank">https://bugs.launchpad.net/puppet-swift/+bug/1289631</a><br>
> [1] <a href="http://docs.openstack.org/security-guide/object-storage.html#securing-services-general" rel="noreferrer" target="_blank">http://docs.openstack.org/security-guide/object-storage.html#securing-services-general</a><br>
<br>
</span>Also for the puppet side of this conversation, the change for the<br>
security items[0] also seems to conflict with bug 1458915[1] which is<br>
about removing the posix users/groups/file modes.  So which direction<br>
should we go?<br>
<br>
[0] <a href="https://review.openstack.org/#/c/219883/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/219883/</a><br>
[1] <a href="https://bugs.launchpad.net/puppet-swift/+bug/1458915" rel="noreferrer" target="_blank">https://bugs.launchpad.net/puppet-swift/+bug/1458915</a><br>
<div class="HOEnZb"><div class="h5"><br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><font face="Arial, Helvetica, sans-serif" size="2"><b>guilherme</b> \n<br>\<font size="2">t</font> <b>maluf</b><br></font></div>
</div>