oalbrigt
commented
2 years ago Thank you for the report. I'll look into how we should implement this.
Open kk0nrad opened 2 years ago
oalbrigt
commented
2 years ago Thank you for the report. I'll look into how we should implement this.
oalbrigt
commented
2 years ago I've added default permissions and checks in fence_virtd: https://github.com/ClusterLabs/fence-agents/pull/513
the fence-virtd provided by various distros (ie: fedora, centos, so on) is embedded with a default config file that has wrong permissions in my opinion:
ls -al /etc/fence_virt.conf -rw-r--r--. 1 root root 272 May 10 2022 /etc/fence_virt.conf
the file should have 600 permissions like the one that is generated via fence_virtd -c
the key file, ie /etc/cluster/fence_xvm.key, should be also checked for permissions before starting the service