-
Bug
-
Resolution: Done
-
Undefined
-
4.16.z, 4.18.z
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
None
-
None
-
None
-
None
-
Done
-
Bug Fix
-
-
None
-
None
-
None
-
None
This is a clone of issue OCPBUGS-57021. The following is the description of the original issue:
—
Description of problem:
Deploying a SNO using Agent Based Installer sets permissions for the ETCD Data directory, found under /var/lib/etcd/member, as 0755 when multi-node deployment with ABI or SNO using IPI sets the same directory with 700 permissions. This was detected while running Compliance Operator CIS benchmark scans and getting different results for rule xccdf_org.ssgproject.content_rule_file_permissions_etcd_data_dir.
Version-Release number of selected component (if applicable):
Agent Based Installer for OCP 4.18 and OCP 4.16
How reproducible:
Deploy a SNO using ABI
Steps to Reproduce:
1. Deploy a SNO using ABI
2. Check the permissions for /var/lib/etcd/member
3. Compare with other deployments
Actual results:
$ ls -al /var/lib/etcd total 8 drwxr-xr-x. 3 root root 41 Jun 3 12:51 . drwxr-xr-x. 36 root root 4096 Jun 3 12:49 .. drwxr-xr-x. 4 root root 29 Jun 3 12:50 member -rw-r--r--. 1 root root 157 Jun 3 12:51 revision.json
Expected results:
$ ls -al /var/lib/etcd total 8 drwxr-xr-x. 3 root root 41 Jun 3 12:02 . drwxr-xr-x. 37 root root 4096 Jun 3 12:01 .. drwx------. 4 root root 29 Jun 3 12:02 member -rw-r--r--. 1 root root 193 Jun 3 12:02 revision.json
Additional info:
Sosreports, must-gather, scan reports and ABI deployment files attached to the linked case.
- blocks
-
-
- Closed
-
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- is cloned by
-
-
- Closed
-
- links to
