Bug 1353878 - [WALA] waagent set a wrong permission to /etc/shadow
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: WALinuxAgent
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Yue Zhang
QA Contact: Virtualization Bugs
Depends On:
Reported: 2016-07-08 09:51 UTC by
Modified: 2019-02-26 20:57 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-08-09 09:28:45 UTC
Target Upstream Version:


Description 2016-07-08 09:51:27 UTC
Description of problem:
waagent sets 0600 access permission on the /etc/shadow file, which should be 0000 in both RHEL-6 and RHEL-7.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install a RHEL7.2 VM locally. Check the access permission of /etc/shadow
# ll /etc/shadow
----------. 1 root root 848 Jun 30 19:27 /etc/shadow
2. Upload this image to Azure and create a VM based on it.
3. Check the access permission of /etc/shadow
# sudo ls -l /etc/shadow

Actual results:
-rw-------. 1 root root 786 Jul  7 23:22 /etc/shadow

Expected results:
The access permission of /etc/shadow should be 0000

Additional info:
The root cause is that during deprovisioning or provisioning, waagent modifies the file's access permission and then tries to recover the access permission. But in the source code there's no shadow_file_mode parameter specified for the redhat distro, and the default value of that is 0600.

Comment 2 2016-08-09 09:28:45 UTC
Fixed in WALinuxAgent-2.1.5. Don't chmod the /etc/shadow file. Verify and close it.

*** This bug has been marked as a duplicate of bug 1360492 ***
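
The save-and-restore problem described in the report, as an added example that is not WALinuxAgent's code and not part of the original bug: a simplified Python model in which one routine reapplies a configured default mode after an edit and the other records and restores the file's real mode. The function names, the temp-file stand-in for /etc/shadow and its sample entry are constructed for illustration.

```python
import os
import stat
import tempfile

DEFAULT_SHADOW_FILE_MODE = 0o600  # default the report says applies when the distro sets none
EXPECTED_RHEL_MODE = 0o000        # mode the report expects on RHEL-6 and RHEL-7


def get_mode(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def make_sample_shadow(mode=EXPECTED_RHEL_MODE):
    """Create a constructed stand-in for /etc/shadow in the temp directory."""
    fd, path = tempfile.mkstemp(prefix="shadow-sample-")
    with os.fdopen(fd, "w") as f:
        f.write("sampleuser:*:17000:0:99999:7:::\n")  # constructed entry
    os.chmod(path, mode)
    return path


def edit_then_apply_default(path, line, shadow_file_mode=DEFAULT_SHADOW_FILE_MODE):
    """Defective pattern: 'restore' a configured default, not the real prior mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # open the file up for the edit
    with open(path, "a") as f:
        f.write(line)
    os.chmod(path, shadow_file_mode)


def edit_preserving_mode(path, line):
    """Corrected pattern: record the mode first and put exactly that back."""
    original = get_mode(path)
    os.chmod(path, original | stat.S_IRUSR | stat.S_IWUSR)
    try:
        with open(path, "a") as f:
            f.write(line)
    finally:
        os.chmod(path, original)  # restored even if the write fails


def mode_drifted(path, expected=EXPECTED_RHEL_MODE):
    """Audit check: True when the file's mode differs from the expected baseline."""
    return get_mode(path) != expected
```

Running `mode_drifted("/etc/shadow")` on a provisioned RHEL guest gives the same signal as the `ls -l` comparison in the reproduction steps.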
