2018-01-17 18:52 CET

ID: 0001715
Project: openmediavault
Category: Bug
View Status: public
Last Update: 2017-04-10 17:21
Assigned To: votdev
Platform: Erasmus
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version: Erasmus (3.x)

Summary: 0001715: ldap plugin: Wrong permissions of config files with sensitive data

Description: After configuration of the LDAP plugin with sensitive data like binddn and bindpw the created config files "pam_ldap.conf" and "libnss-ldap.conf" are readable for the world (0644) :-(

-rw-r--r-- 1 root root 317 Apr 7 17:15 libnss-ldap.conf
-rw-r--r-- 1 root root 166 Apr 7 17:15 pam_ldap.conf

They should be protected with at least mode 0640.

Tags: erasmus, ldap




kschoenf (reporter)

After manual correction of the file permissions and an updated LDAP config, the permissions of the updated config files are not changed. So it seems that only the initial creation of the config files is wrong.


kschoenf (reporter)

The "libnss-ldap.secret" file has the right permissions, so that only the permissions of the "pam_ldap.conf" should be corrected.


votdev (administrator)

Fixed in openmediavault-ldap 3.1.6, see https://github.com/openmediavault/openmediavault/commit/82ed77303656e347514aa68e22b2c721935f31ec.
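
The behaviour described in this report, as an added example (not the openmediavault code and not the fix commit): a plain redirect creates the file 0644 but keeps an already tightened mode on rewrite, while a write-then-rename writer applies 0640 every time. The function names and the bindpw value are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names follow the report; the bindpw value is constructed.

# Symbolic mode of a file, e.g. "-rw-r--r--" (avoids GNU-only stat options).
file_mode() { ls -ld "$1" | cut -c1-10; }

# Pattern matching the report: a plain redirect under the common umask 022.
# A new file is created 0644; an existing file keeps the mode it already has.
write_config_default() {
    ( umask 022; printf '%s\n' "$2" > "$1" )
}

# Hardened writer: build the file privately, set the mode, rename into place.
# The mode is applied on first creation and on every later update.
write_config_restricted() {
    target=$1 content=$2 mode=${3:-0640}
    tmp=$(mktemp "$target.XXXXXX") || return 1      # mktemp creates the file 0600
    if printf '%s\n' "$content" > "$tmp" && chmod "$mode" "$tmp"; then
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"; return 1
    fi
}

# Audit: print files below $1 that are world-readable and contain a bindpw line.
audit_world_readable_secrets() {
    find "$1" -type f -perm -004 -exec grep -q '^bindpw[[:space:]]' {} \; -print
}

# Walk through both writers in a scratch directory and print the resulting modes.
demo() {
    dir=$(mktemp -d) || return 1
    conf='bindpw CONSTRUCTED-EXAMPLE-SECRET'
    write_config_default "$dir/pam_ldap.conf" "$conf"
    echo "default, first write: $(file_mode "$dir/pam_ldap.conf")"
    audit_world_readable_secrets "$dir"
    write_config_restricted "$dir/pam_ldap.conf" "$conf" 0640
    echo "restricted, update:   $(file_mode "$dir/pam_ldap.conf")"
    audit_world_readable_secrets "$dir"
    rm -rf "$dir"
}
```

Source the file and call `demo` to see the two modes; the audit function can be pointed at a real configuration directory to list files that still need tightening.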

Issue History
Date Modified Username Field Change
2017-04-07 18:04 kschoenf New Issue
2017-04-07 18:04 kschoenf Status new => assigned
2017-04-07 18:04 kschoenf Assigned To => votdev
2017-04-07 18:04 kschoenf Tag Attached: erasmus
2017-04-07 18:04 kschoenf Tag Attached: ldap
2017-04-07 18:11 kschoenf Note Added: 0004696
2017-04-07 18:24 kschoenf Note Added: 0004697
2017-04-10 17:21 votdev Status assigned => resolved
2017-04-10 17:21 votdev Resolution open => fixed
2017-04-10 17:21 votdev Fixed in Version => Erasmus (3.x)
2017-04-10 17:21 votdev Note Added: 0004702