Fix: keyring permissions where world readable
Reported in https://bugzilla.suse.com/show_bug.cgi?id=920926
by Andreas Stieger <astieger@suse.com>
Before thsi fix to umask for keyring handling, After execution
of ceph-deploy, all keyrings have mode 644.
The documented ceph-deploy procedure by creating a dedicated
admin user, and keys will be readable to all other (non-admin)
users as well, thus leaking authentication credentials.
The fix uses umask to resolve the writing of keyfiles.
Signed-off-by: Owen Synge <osynge@suse.com>
projects / ceph-deploy.git / commit