Bug 1350722

Summary:	engine-backup --help, /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf: Permission denied
Product:	[oVirt] ovirt-engine	Reporter:	Jiri Belka <jbelka>
Component:	Backup-Restore.Engine	Assignee:	Ido Rosenzwig <irosenzw>
Status:	CLOSED WONTFIX	QA Contact:	Jiri Belka <jbelka>
Severity:	low	Docs Contact:
Priority:	medium
Version:	4.0.0	CC:	bugs, jbelka, sbonazzo, ylavi
Target Milestone:	---	Keywords:	EasyFix
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-12-19 14:27:16 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Integration	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jiri Belka 2016-06-28 08:50:00 UTC

Description of problem:

any tool with --help argument should not require "special" permission

-bash-4.2$ engine-backup --help
/bin/engine-backup: line 65: /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf: Permission denied

-bash-4.2$ id
uid=26(postgres) gid=26(postgres) groups=26(postgres) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Version-Release number of selected component (if applicable):
ovirt-engine-tools-backup-4.0.0.6-0.1.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. su -l postgres -c 'engine-backup --help'
2.
3.

Actual results:
engine-backup requires "special" permission even with --help argument

Expected results:
engine-backup --help should work for every user who doesn't have any special
permissions

Additional info:

Comment 1 Yaniv Lavi 2016-06-30 08:44:57 UTC

Does it work for regular users? non system ones.

Comment 2 Yedidyah Bar David 2016-06-30 09:00:47 UTC

(In reply to Yaniv Dary from comment #1)
> Does it work for regular users? non system ones.

By default (which should not change), the file has these permissions:
[ovirt-engine-dwhd.conf.d]# ls -l 10-setup-database.conf 
-rw-------. 1 ovirt ovirt 727 Jun 16 14:34 10-setup-database.conf

Thus is readable only for users 'ovirt' and 'root.

Any other user will get same error.

Comment 3 Yaniv Kaul 2017-09-04 14:27:43 UTC

close-wontfix ?

Comment 4 Sandro Bonazzola 2017-09-08 09:44:13 UTC

(In reply to Yaniv Kaul from comment #3)
> close-wontfix ?

no, I think we should exit with "You need to be root for running this tool" instead of exiting on Permission denied

Comment 5 Ido Rosenzwig 2017-12-17 08:55:15 UTC

Sandro, this is not what 'permission denied' means ?

Also, for consistency, if we do agree to add this message, we should add it for all the ovirt-tools.

IMO, it's not that necessary.

What do you think?

Comment 6 Sandro Bonazzola 2017-12-19 14:27:16 UTC

(In reply to Ido Rosenzwig from comment #5)

> IMO, it's not that necessary.
> 
> What do you think?

Ok, closing.