[ci skip] Autodoc commit for 68495e1.

develop/_sources/reference/files/ondemand-d-ymls.rst.txt

@@ -24,6 +24,10 @@ These properties support profile based configuration, see the :ref:`profile conf
              i.e. ``OOD_BRAND_BG_COLOR: '#0000ff'``. If you omit the quotes, YAML will see ``#`` as a comment and the value of the ``OOD_BRAND_BG_COLOR`` will be ``nil``
 
 
+.. warning::
+  OnDemand will only respond to root owned files. Configuration files
+  that are not owned by the root user (uid 0) will not be read.
+
 .. _profile_properties:
 
 Configuration Properties with profile support

develop/_sources/release-notes/v4.0-release-notes.rst.txt

@@ -89,6 +89,19 @@ id of the form item will be lowercase as shown below.
 
   id="batch_connect_session_context_my_cool_form_item"
 
+Root owned configuration files
+******************************
+
+In an effort to increase the security of the Open OnDemand platform,
+the system will now start to only respond to root owned configuration
+files.
+
+This will mean that all configfuration files in ``/etc/ood/config``
+will need to be owned by the ``root`` user (uid 0) in order to be used.
+
+While these files need to be root owned, they can continue to have any
+group ownership.
+
 Deprecations
 ............
 

develop/reference/files/ondemand-d-ymls.html

@@ -233,6 +233,11 @@
 <p>When using environment variables with <code class="docutils literal notranslate"><span class="pre">nginx_stage.yml</span></code> file, be careful to set the value using quotes
 i.e. <code class="docutils literal notranslate"><span class="pre">OOD_BRAND_BG_COLOR:</span> <span class="pre">'#0000ff'</span></code>. If you omit the quotes, YAML will see <code class="docutils literal notranslate"><span class="pre">#</span></code> as a comment and the value of the <code class="docutils literal notranslate"><span class="pre">OOD_BRAND_BG_COLOR</span></code> will be <code class="docutils literal notranslate"><span class="pre">nil</span></code></p>
 </div>
+<div class="admonition warning">
+<p class="admonition-title">Warning</p>
+<p>OnDemand will only respond to root owned files. Configuration files
+that are not owned by the root user (uid 0) will not be read.</p>
+</div>
 <div class="section" id="configuration-properties-with-profile-support">
 <span id="profile-properties"></span><h2>Configuration Properties with profile support<a class="headerlink" href="#configuration-properties-with-profile-support" title="Permalink to this headline">¶</a></h2>
 <dl class="describe">

develop/release-notes/v4.0-release-notes.html

@@ -349,6 +349,16 @@ <h4>Batch connect form ids are now lowercase.<a class="headerlink" href="#batch-
 </pre></div>
 </div>
 </div>
+<div class="section" id="root-owned-configuration-files">
+<h4>Root owned configuration files<a class="headerlink" href="#root-owned-configuration-files" title="Permalink to this headline">¶</a></h4>
+<p>In an effort to increase the security of the Open OnDemand platform,
+the system will now start to only respond to root owned configuration
+files.</p>
+<p>This will mean that all configfuration files in <code class="docutils literal notranslate"><span class="pre">/etc/ood/config</span></code>
+will need to be owned by the <code class="docutils literal notranslate"><span class="pre">root</span></code> user (uid 0) in order to be used.</p>
+<p>While these files need to be root owned, they can continue to have any
+group ownership.</p>
+</div>
 </div>
 <div class="section" id="deprecations">
 <h3>Deprecations<a class="headerlink" href="#deprecations" title="Permalink to this headline">¶</a></h3>