CASMCMS-9040 - change permissions on image config files after recipe build.

[dlaine-hpe]

Summary and Scope

When recipes are built with kiwi-ng, some of the config files are built into the resulting image with global read permissions. There are times these files contain sensitive information. This change makes the directory and the files only accessible by the root user.

Issues and Related PRs

• Resolves CASMCMS-9040

Testing

Tested on:

• Tyr

Test description:

Built the barebones recipe on Tyr with the installed 1.6.0 system. I verified that the config files are present in the resulting image and are globally readable. I updated the ims-utils image and rebuilt the image. This time I was able to verify that the files still exist, but both the directory and file permissions are set in such a way that only the root user can see them.

• Were the install/upgrade-based validation checks/tests run (goss tests/install-validation doc)? N
• Were continuous integration tests run? If not, why? N
• Was upgrade tested? If not, why? N
• Was downgrade tested? If not, why? N
• Were new tests (or test issues/Jiras) created for this change? N

Risks and Mitigations

This is a low risk change. If the files are present they have the permissions modified. If they don't exist nothing happens.

Pull Request Checklist

• Version number(s) incremented, if applicable
• Copyrights updated
• License file intact
• Target branch correct
• CHANGELOG.md updated
• Testing is appropriate and complete, if applicable