chef - [chef] chef-server-webui: webui + cert key permissions

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] chef-server-webui: webui + cert key permissions

From: Hedge Hog < >
To:
Subject: [chef] chef-server-webui: webui + cert key permissions
Date: Sun, 1 May 2011 00:00:35 +1000
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=QQHmN4Rh2sRyAPNsBPl8QNjdxqWlzWjMyTsFOiD1N1VEkSl5rht5iSngGCbavG+oBA 57wmFx1f3NeUTF0M2G7NghXE8r/eKhK/2DshjdMXH2qmADhZlK6CQxiqlosMUsCuA1bN Oe7vBH+NzzQr3XipAgQP0javO+W7DGmaM+920=

When launching from vagrant, the following files have user:group as
vagrant:vagrant, and it seems the 600 permissions are too stringent
on:
/etc/chef/certificates/key.pem
/etc/chef/webui.pem

I found that the tasks (e.g. webui launch and create client) proceed
with 644 permissions.

Is this too permissive to be the default permissions on these two files?

As far as I can tell this is the last issue preventing a
'smooth'/'just-works' launch of Chef server from a Vagrantfile.

HTH?

--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com

[chef] chef-server-webui: webui + cert key permissions, Hedge Hog, 04/30/2011