Allow integrated software to read keys #1030

merged 2 commits into from Mar 31, 2012


teancom commented Mar 31, 2012

From a comment I put right into the code:

Allow the pki dir to be 700 or 750, but nothing else. 
This prevents other users from writing out keys, while
allowing the use-case of 3rd-party software (like django)
to read in what it needs to integrate. 

If the permissions aren't correct, default to the more secure 700.

This will allow our custom django-based cmdb/virtualization control software to continue working.

I also did a #todo while I was in there - adding logging if we are unable to change the permissions of the pki dir to be safe.

@thatch45 thatch45 merged commit b5b9906 into saltstack:develop Mar 31, 2012
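
The permission check described in the comment above, written out as an added example (not the code from this pull request or from Salt). The function name `enforce_pki_dir_mode`, the logger and the temporary test directories are assumptions for illustration; it also logs when the chmod fails, which the comment lists as a todo.

```python
import logging
import os
import stat
import tempfile

log = logging.getLogger(__name__)

# Modes the comment accepts: owner-only, or owner plus group read/traverse.
ALLOWED_MODES = (0o700, 0o750)
SAFE_DEFAULT = 0o700


def enforce_pki_dir_mode(path):
    """Return the directory's final permission bits, or None if they could not be fixed."""
    st = os.lstat(path)  # lstat: do not follow a symlink standing in for the dir
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError("%s is not a directory" % path)
    mode = stat.S_IMODE(st.st_mode)  # permission bits, including setuid/setgid/sticky
    if mode in ALLOWED_MODES:
        return mode
    try:
        os.chmod(path, SAFE_DEFAULT)
    except OSError as exc:
        log.error("Unable to set %s to %o (currently %o): %s",
                  path, SAFE_DEFAULT, mode, exc)
        return None
    return SAFE_DEFAULT


def demo():
    """Run the check against constructed directories with several starting modes."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for start in (0o700, 0o750, 0o755, 0o770, 0o777):
            d = os.path.join(base, "pki_%o" % start)
            os.mkdir(d)
            os.chmod(d, start)  # chmod sets the bits exactly; mkdir's mode is umask-filtered
            results[start] = enforce_pki_dir_mode(d)
    return results


if __name__ == "__main__":
    for start, final in demo().items():
        print("%o -> %o" % (start, final))
```

Group-writable (770) and world-readable (755) directories are both reset to 700, since only the two exact modes are accepted rather than any mode without world bits.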