<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Working through an audit and need to determine what the expected permissions are for the following files.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[root@techval13]# rpm -V pcs<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/pcs_settings.conf<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/pcs_users.conf<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/pcsd.cookiesecret<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/pcsd.crt<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/pcsd.key<o:p></o:p></p>
<p class="MsoNormal">.M....... c /var/lib/pcsd/tokens<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Looking at the RPM spec, these appear to be ghost files with permissions set to 000 in the spec.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[root@techval13]# rpm -q --dump pcs | grep /var/lib/pcsd/pcs_settings.conf<o:p></o:p></p>
<p class="MsoNormal">/var/lib/pcsd/pcs_settings.conf 0 1541089158 0000000000000000000000000000000000000000000000000000000000000000 0100000 root root 1 0 0 X<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Currently, the permissions after a normal installation are listed in the “first” column from my custom report output. The second column is the “expected” permissions from the RPM spec.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> 644 | 000 | /var/lib/pcsd/pcs_settings.conf | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"> 644 | 000 | /var/lib/pcsd/pcs_users.conf | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"> 700 | 000 | /var/lib/pcsd/pcsd.cookiesecret | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"> 700 | 000 | /var/lib/pcsd/pcsd.crt | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"> 700 | 000 | /var/lib/pcsd/pcsd.key | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"> 600 | 000 | /var/lib/pcsd/tokens | pcs-0.9.165-6.0.1.el7.x86_64<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any help or guidance would be greatly appreciated.<o:p></o:p></p>
<p class="MsoNormal"><br>
Thanks<o:p></o:p></p>
<p class="MsoNormal">Robert<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p style="font-family: arial, sans-serif; font-size: 8pt; color: #6A737B">CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential
and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the
addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.</p>
</div>
</body>
</html>