-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Ubuntu Server 12.04 64 bits
In the default Ubuntu install, several config files (all but identity.key and the secrets/ folder) are set world readable on the FS.
This includes files containing user's credentials/passwords (users/admin/config.xml). Even if LDAP is in use instead of default authentication, the config.xml for Jenkins itself is world readable, disclosing the LDAP binding password to any other user of the system.
In production environments where more than one person can access the system vÃa SSH or other means, or where more than one application lives on the same server, this could lead to credentials disclosure to unauthorized people. As a result, permissions of files containing sensitive information should be tightened to prevent other non-root users from reading them.
Version tested is 1.514
- is related to
-
JENKINS-24987 [Regression] Default permission when archiving a build
-
- Resolved
-
-
JENKINS-25065 https://github.com/jenkinsci/jenkins/pull/1397/commits which over-rides system default umask of 022 to 027 causes problems with folder creation in jobs in release 1.582
-
- Resolved
-
-
JENKINS-25025 Jenkins doesn't start: Exception in thread "main" java.io.FileNotFoundException: /tmp/winstonexxxxxx.jar (Permission denied)
-
- Closed
-
Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
changelog.html
debian/debian/jenkins.default
debian/debian/jenkins.init
http://jenkins-ci.org/commit/jenkins/cf5a9b7c20dfab68247b1cbcf98ba28188475acc
Log:
[FIXED JENKINS-24514]
Ubuntu (at least as of 12.04) has the default umask 022, which made some
users nervous. Quoting its /etc/login.defs below, which explains its
historical origin:
UMASK is the default umask value for pam_umask and is used by
useradd and newusers to set the mode of the new home directories.
022 is the "historical" value in Debian for UMASK
027, or even 077, could be considered better for privacy
There is no One True Answer here : each sysadmin must make up his/her
mind.
It does seem to me that a bit more restrictive default is sensible,
so this change introduces /etc/default/jenkins parameter that sets the
default umask to 027 to prevent "others" from seeing files.
Not that keys and other sensitive files are protected anyway, so it is
not the case that the privacy of Jenkins data files have been vulnerable
prior to this change.