Bug 1182304
Summary: | incorrect specification of ghost file mlocate.db in mlocate package | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Paulo Andrade <pandrade> | |
Component: | mlocate | Assignee: | Michal Sekletar <msekleta> | |
Status: | CLOSED ERRATA | QA Contact: | Stefan Kremen <skremen> | |
Severity: | low | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.6 | CC: | pandrade, skremen | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | All | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause:
mlocate package wrongly claimed that its database file has owner:group equal to root:root and permission are 644. However database file is not shipped in rpm package it self and it is created with root:slocate 640 permissions.
Consequence:
Openscap tools are reporting this problem.
Fix:
Adjusted permissions in mlocate spec file.
Result:
Openscap tools should not issue warnings and rpm database will reflect actual state of database file on the system.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1185798 (view as bug list) | Environment: | ||
Last Closed: | 2015-03-12 09:00:38 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1182306, 1182307, 1185798 |
Description
Paulo Andrade
2015-01-14 20:17:59 UTC
For rhel-6.7 there will be fastrack errata for mlocate. I think this bug is suitable for inclusion in that errata. Hi Paulo, I am unable to reproduce the bug. All tested stable systems (rhel 5, 6 and 7) showed correct permissions 640 even before applying this patch and running "rpm --verify mlocate" didn't complain. Even after permissions have been changed manually to 644 the "rpm --verify mlocate" didn't complain a bit. Would you please state what rhel, rpm and mlocate versions were you able to see this problem? Thank you, Stefan Hi Stefan, I asked the customer. I believe it should be some custom tool. At least in rhel-6 and rhel-7, I could not find a way to force "rpm -V" to even consider checking ghost files. I can think of some script that would use "rpm -ql --dump" and compare with actual files, but could not find anything related. (In reply to Paulo Andrade from comment #7) > I can think of some script that would use "rpm -ql --dump" Hi Paulo, thank you for suggesting this, it was helpful and I am now able to get the reproducer: # rpm -ql --dump mlocate | grep -E "^/var/lib/mlocate/mlocate\.db.*644 root root.*$" /var/lib/mlocate/mlocate.db 0 1348490607 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0100644 root root 0 0 0 X Hi Stefan, Quoting the reply from the customer """ the issue was flagged by openscap runs. I then compared the output of rpm -qlv with the actual permissions in the filesystem. E.g: # rpm -qlv mlocate [...] drwxr-x--- 2 root slocate 0 Sep 24 2012 /var/lib/mlocate -rw-r--r-- 1 root root 0 Sep 24 2012 /var/lib/mlocate/mlocate.db # ls -al /var/lib/mlocate total 1424 drwxr-x---. 2 root slocate 4096 Jan 29 03:22 . drwxr-xr-x. 34 root root 4096 Jan 8 18:20 .. -rw-r-----. 1 root slocate 1448261 Jan 29 03:22 mlocate.db As you can see the rpm requires permissions 0644 and root:root ownership, while the uodatedb command will create the file with permissions 0640 and ownership root:slocate. """ Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0676.html |