Question & Answer
Question
While running periodic hardening process of cluster nodes, we noticed that some files and folders belonging to ICP have world writable permission (777 or 666). An example of these files/directories are:
drwxrwxrwt root root /var/lib/docker/overlay2/0e2d
or
-rw-rw-rw- root root /var/lib/kubelet/pods/fcd0f27
and also some into $home/.kube subfolders.
Is it an expected condition ?
If not, can we change the permission for those directories and files to get rid of world writable bit ?
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBS6K","label":"IBM Cloud Private"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Product Synonym
IBM Cloud Private;ICP
Was this topic helpful?
Document Information
Modified date:
13 March 2019
UID
ibm10875656