Bug 1395815

Summary: cdn-sync creates /var/satellite/rhn/* paths with incorrect permissions
Product: Red Hat Satellite 5
Reporter: Jan Dobes <jdobes>
Component: Satellite Synchronization
Assignee: Gennadii Altukhov <galtukho>
Status: CLOSED CURRENTRELEASE
QA Contact: Radovan Drazny <rdrazny>
Severity: unspecified
Priority: unspecified
Version: 580
CC: galtukho, mkorbel, rdrazny, tlestach
Hardware: Unspecified
OS: Unspecified
Fixed In Version: spacewalk-backend-2.5.3-55-sat
Last Closed: 2017-06-21 12:15:27 UTC
Type: Bug
Bug Blocks: 1340444

Description Jan Dobes 2016-11-16 18:20:34 UTC
Description of problem:
Compared to Satellite 5.7 and satellite-sync, /var/satellite/rhn/* subdirectories are owned by root; in Satellite 5.7 they are owned by apache.

How reproducible:
Sync rhel channel with cdn-sync

Actual results:
e.g. /var/satellite/rhn/kickstart/ks-rhel-x86_64-server-7-7.2/ directory and files are owned by root.

Cobbler sync taskomatic job is failing with
INFO   | jvm 1    | 2016/11/16 19:13:00 | 2016-11-16 19:13:00,144 [DefaultQuartzScheduler_Worker-1] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Cause: redstone.xmlrpc.XmlRpcFault: <type 'exceptions.IOError'>:[Errno 13] Permission denied: '/var/lib/tftpboot/images/ks-rhel-x86_64-server-7-71/vmlinuz'

(May not be relevant but files are copied there from /var/satellite/rhn/ so it's worth investigating)

Expected results:
Cobbler sync task not failing, same permissions as before.


Additional info:
SELinux label for files in
/var/lib/tftpboot/images/ks-rhel-x86_64-server-7-71/
changed from
unconfined_u:object_r:cobbler_var_lib_t:s0
to
unconfined_u:object_r:spacewalk_data_t:s0

(note: comparing Satellite 5.7 on RHEL 6 and Spacewalk nightly on RHEL 7)

Comment 1 Gennadii Altukhov 2016-12-19 16:00:04 UTC
Patch is available in upstream. spacewalk.git:
db83e11e501c8498304849b66649eb53538e2dfa


cherry-picked to SATELLITE-5.8:
1599407836d2171240dfbf85272ff885b93ad94e

Comment 4 Gennadii Altukhov 2017-01-19 13:12:32 UTC
Patch is available in upstream. spacewalk.git:
91cf1508a829dbbc07b23753d3e7e8d46a275ae4

Comment 5 Gennadii Altukhov 2017-01-19 13:13:55 UTC
Radovan, now permissions for /var/satellite/rhn* should be the same as on Sat 5.7.

Comment 8 Radovan Drazny 2017-03-01 10:13:00 UTC
Tested on spacewalk-backend-2.5.3-69.el6sat with the rhel-x86_64-server-7 channel synced.

# ls -l /var/satellite/ | grep rhn
drwxr-xr-x. 4 apache apache 4096 Mar  1 04:57 rhn
# find /var/satellite/rhn ! -user apache ! -group apache
(no output)
# 

VERIFIED
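
An ownership audit for the tree this bug concerns, written as an added example (not part of the bug report and not Spacewalk code). The function names are hypothetical; the apache:apache target and the /var/satellite/rhn path are taken from the report. A path is reported when either its owner or its group differs from the expected one.

```shell
#!/bin/sh
# Added example: audit ownership of a synced content tree.
# Usage on a Satellite host (values from the bug report):
#   audit_report /var/satellite/rhn apache apache

# Print every path under $1 whose owner is not $2 OR whose group is not $3.
# The -o is deliberate: find joins tests with an implicit AND, so
# "! -user U ! -group G" matches only paths where BOTH differ and
# would not list a path owned by root:apache or apache:root.
audit_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Run the audit, list offenders with their current owner and group on
# stderr, and return non-zero if any were found, so the function can
# gate a post-sync check or a monitoring probe.
audit_report() {
    bad=$(( $(audit_owner "$1" "$2" "$3" | wc -l) ))
    if [ "$bad" -gt 0 ]; then
        echo "$bad path(s) under $1 not owned by $2:$3" >&2
        find "$1" \( ! -user "$2" -o ! -group "$3" \) -exec ls -ld {} + >&2
        return 1
    fi
    return 0
}
```

Both -user and -group also accept numeric IDs, which helps when the tree is inspected from a host that has no apache account.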