The curl|bash installer creates a ~/.st2/config file containing StackStorm login creds with read-all permissions:
$ ls -la ~/.st2/config
-rw-r--r-- 1 vagrant vagrant 54 May 23 14:09 /home/vagrant/.st2/config
This way, an unauthorized Linux user can read the st2 login creds (username:password) saved by another user.
Ideally, the ~/.st2/ dir should also have 2750 permissions (currently 0755); that part could be addressed in StackStorm/st2 core itself.
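A check and fix for the permissions described in this report, as an added example that is not part of the original issue or of the StackStorm installer. The function names are hypothetical, the directory argument stands in for ~/.st2, and 0600 for the config file is an assumption (the report only gives 2750 for the directory).

```shell
#!/bin/sh
# Added example, not StackStorm installer code. The directory argument stands in for ~/.st2.
# ASSUMPTION: 0600 for the config file; 2750 for the directory is the value from the report.

# True if PATH has all permission bits in OCTAL set (POSIX find, no GNU stat needed).
has_bits() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# Report loose permissions; returns 1 if anything was flagged.
audit_st2() {
    a_dir=$1; a_cfg=$1/config; a_rc=0
    [ -f "$a_cfg" ] || { echo "no config at $a_cfg"; return 0; }
    if has_bits "$a_cfg" 004; then echo "FAIL: $a_cfg is world-readable"; a_rc=1; fi
    if has_bits "$a_cfg" 040; then echo "FAIL: $a_cfg is group-readable"; a_rc=1; fi
    if has_bits "$a_dir" 001; then echo "FAIL: $a_dir is world-traversable"; a_rc=1; fi
    return $a_rc
}

# Tighten an existing install.
harden_st2() {
    chmod 2750 "$1" || return 1
    if [ -f "$1/config" ]; then chmod 0600 "$1/config"; fi
}

# Write credentials from stdin the way an installer could: restrictive umask
# for new files, plus an explicit chmod because "cat >" onto an existing
# file keeps that file's old mode.
write_st2_config() {
    ( umask 077
      mkdir -p "$1" && chmod 2750 "$1" &&
      cat > "$1/config" && chmod 0600 "$1/config" )
}

# Demo on a throwaway directory with constructed contents.
demo=$(mktemp -d)
mkdir "$demo/st2" && chmod 0755 "$demo/st2"
printf 'constructed placeholder, not real creds\n' > "$demo/st2/config"
chmod 0644 "$demo/st2/config"
audit_st2 "$demo/st2" || echo "-> flagged, hardening"
harden_st2 "$demo/st2"
audit_st2 "$demo/st2" && echo "-> clean after hardening"
rm -rf "$demo"
```

The explicit chmod in write_st2_config matters on re-runs: a umask only applies when the file is created, so an existing 0644 config would otherwise stay world-readable.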