Directory Permissions

Asked by Bryan Dobson on 2018-03-02

I apologize if this has been asked before but I've not been able to find a definitive answer.

What are the required directory permissions for cloud-init to work?

For example, if a customer was launching the image from Amazon (AMI) and wanted to use the "User Data" feature to do some pre-configuration. Our existing image in an effort to be as STIG compliant as possible had strict limitations on mounts like noexec for /tmp and /var.

In my testing, this prevented cloud-init to work on boot of the machine. Is there a cloud-init way to allow it to work and then reset the permissions after?

The AMI uses the latest version of cloud-init.

Thank you

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu cloud-init Edit question
Assignee:
No assignee Edit question
Last query:
2018-03-02
Last reply:
2018-03-19

What level of access do they need?

Bryan Dobson (bdobsoncdn) said : #2

As far as I've been able to determine it requires "exec" on tmp and or var which immediately makes something not STIG. However, if this is just on start and cloud-init and re-write fstab after to make it secure again.

I've just not been able to, and I may have just missed it, find exactly what permissions cloud-init requires.

Launchpad Janitor (janitor) said : #3

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.