Bug 1334400

Summary: installer does not check&fix wrong permissions on /etc/pki/pulp/rsa.key
Product: Red Hat Satellite Reporter: Pavel Moravec <pmoravec>
Component: InstallationAssignee: Chris Roberts <chrobert>
Status: CLOSED ERRATA QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1.8CC: bbuckingham, chrobert, jcallaha, stbenjam, zhunting
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
URL: http://projects.theforeman.org/issues/16941
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 16:44:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pavel Moravec 2016-05-09 13:58:54 UTC 
Description of problem:
User story: After manually fixing some SSL certificate files, and leaving /etc/pki/pulp/rsa.key owned by root:root, katello-installer was run to fix potential file permissions and ownership discrepancies. But this file was still owned by root:root while it must be owned by root:apache (otherwise half of pulp requests fail on file access error).

Please update installer such that it sets properly file ownership of /etc/pki/pulp/rsa.key .


Version-Release number of selected component (if applicable):
katello-installer-2.3.25-1.el7sat.noarch
pulp-server-2.6.0.20-1.el7sat.noarch


How reproducible:
100%


Steps to Reproduce:
1. Have installed Sat6
2. chown root:root /etc/pki/pulp/rsa.key
3. katello-installer
4. ll /etc/pki/pulp/rsa.key


Actual results:
Step 4. shows:

-rw-r-----. 1 root root 1679 May  7 15:40 /etc/pki/pulp/rsa.key


Expected results:
Step 4. to show:

-rw-r-----. 1 root apache 1679 May  7 15:40 /etc/pki/pulp/rsa.key


Additional info:
Not sure what other files can be affected by the same bug.
Comment 2 Stephen Benjamin 2016-10-14 13:52:04 UTC 
Created redmine issue http://projects.theforeman.org/issues/16941 from this bug
Comment 3 Zach Huntington-Meath 2017-08-09 15:46:35 UTC 
Verified on the most recent Satellite 6.3.0-10 snap.

My verification steps were:

1. chown root:root /etc/pki/pulp/rsa.key
2. satellite-installer
3. ll /etc/pki/pulp/rsa.key

and the permissions were:

-rw-r----- 1 root apache 1675 Aug  9 13:15 /etc/pki/pulp/rsa.key
Comment 4 Satellite Program 2018-02-21 16:44:36 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336