Bug 115251

Summary: ccm load can't write to /etc/ccm/conf
Product: [Retired] Red Hat Web Application Framework Reporter: Daniel BerrangĂ© <berrange>
Component: installationAssignee: Dennis Gregorovic <dgregor>
Status: CLOSED RAWHIDE QA Contact: Jon Orris <jorris>
Severity: medium Docs Contact:
Priority: medium    
Version: nightly   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-03-05 20:58:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 113496    

Description Daniel Berrangé 2004-02-09 17:43:07 UTC
Description of problem:
The ccm load command runs as servlet, but the /etc/ccm/conf directory
is owned by root, thus it is unable to create the config registry
files. We need to make this directory writable by 'servlet'. Doing
this, however, introduces a security risk because the servlet can now
overwrite the resin.conf and log4j.properties files. Thus these two
files need to be moved elsewhere.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Daniel Berrangé 2004-02-09 17:44:24 UTC
In fact I'd question whether the /etc/ccm/conf directory should be
writable by the servlet container at all - only the 'ccm set' or 'ccm
load' commands ever change the config properties. 


Comment 2 Dennis Gregorovic 2004-02-09 18:34:21 UTC
40193 and 40195 introduce fixes to make /etc/ccm/conf writable by the
servlet user.  However, as Dan points out in comment #1, this could
introduce a security rick.  I'll post some more thoughts this afternoon.


Comment 3 Dennis Gregorovic 2004-02-23 22:04:12 UTC
fixed at @40709.  That checkin also includes a description of the new
filesystem permissions