Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 456562 - Change package permissions to rw-r--r--
Summary: Change package permissions to rw-r--r--
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: Server
Version: 0.1
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Pradeep Kilambi
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space02
TreeView+ depends on / blocked
 
Reported: 2008-07-24 17:50 UTC by Justin Sherrill
Modified: 2009-09-17 06:59 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 484475 (view as bug list)
Environment:
Last Closed: 2009-09-17 06:59:38 UTC


Attachments (Terms of Use)

Description Justin Sherrill 2008-07-24 17:50:53 UTC
When porting the package download from perl to java, tomcat will need to be able
to read all of the pacakges, but sat-sync and rhnpush currently marks the
packages as 640 with apache:root ownership.

This needs to be changed to 644.

Comment 1 Clifford Perry 2008-08-01 18:46:21 UTC
Any other viable options? 
- Make tomcat user in the apache group *and* then change sat-sync code to write
stuff:
0640 apache:apache
from
0640 apache:root

Does 'root' need this access at group level to the files? 

Making the files globally readable by change:
0644 
is less of a change to do, less risky in code, but does expose the entire
/var/satellite/ contents to any normal user on that has ssh access, but is this
a problem, most likely not. 

So, 0644 sounds fine, I think the risk exposure is minimal. 

Pretty sure this is a one liner to change:
satellite_tools/syncLib.py:        setPermsPath(self.full_path, user='apache',
group='root', chmod=0640)

*if* we make a change, we will need as part of upgrade process, a separate bug
to track and if needed as part of upgrade change permissions. 


Cliff

Comment 2 Pradeep Kilambi 2008-08-01 19:12:37 UTC
fixed and upgrade process already handles this perms update.

Comment 3 Devan Goodwin 2008-09-05 15:44:28 UTC
Verified in spacewalk 0.2. Packages are being stored with 0644. (-rw-r--r--)

Comment 4 Brandon Perkins 2009-02-10 02:01:13 UTC
Remove bug 456562 blocks bug 484475.

Comment 5 Miroslav Suchý 2009-09-17 06:59:38 UTC
Spacewalk is released for long time.


Note You need to log in before you can comment on or make changes to this bug.