eb557c0450
This commit changes the group ownership for "/opt/platform/.keyring" directory, and its subdirectories and files, from "root" to 'sys_protected', when keystone password changes for the admin user. The 'sys_protected' group ownership is needed to support access privileges for OpenLDAP/WAD users and is implemented by the ansible bootstrap configuration. The group ownership update in this commit is required because after a keystone and corresponding keyring password change for the admin user, the group ownership of the "/opt/platform/.keyring" directory has been reset to "root". As a consequence, a ldap user loses permission to access files in that directory. The group ownership reset is done in the keystone package. That is why the fix for this bug is delivered as a patch for the keystone package. Test Plan: PASS: Verify the keystone patch install correctly. PASS: Verify the group ownership was applied correctly for files in "/opt/platform/.keyring" so are part of the "sys_protected" group before changing keystone password for the admin user. PASS: Verify the group ownership for files in "/opt/platform/.keyring" remains "sys_protected" after changing keystone password for the admin user. PASS: Verify that an openldap user that is part of the "sys_protected" group can execute command: "source /etc/platform/openrc" after the keystone password has been changed for the admin user. Closes-Bug: 2039870 Change-Id: I0360d1f13725cca9900b967c32451fc6f7afe761 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> |
||
|---|---|---|
| .. | ||
| 0001-Support-storing-users-in-keyring.patch | ||
| 0002-change-group-perm-to-keyring-dir.patch | ||
| series | ||