Bug 1571247

Summary: engine-backup creates backup file with too permissive mode
Product: [oVirt] ovirt-engine
Component: Backup-Restore.Engine
Version: 4.2.3.2
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Jiri Belka <jbelka>
Assignee: Asaf Rachmani <arachman>
QA Contact: Lukas Svaty <lsvaty>
CC: bugs, lsvaty
Target Milestone: ovirt-4.3.0
Target Release: 4.3.0
Flags: ylavi: ovirt-4.3+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovirt-engine-4.3.0_alpha
Last Closed: 2019-02-13 07:48:01 UTC
Type: Bug
oVirt Team: Integration

Description Jiri Belka 2018-04-24 11:55:59 UTC
Description of problem:

result of my engine-backup run:

# engine-backup --file=/tmp/backup-test --log=/tmp/backup-test.log --mode=backup
Backing up:
Notifying engine
- Files
- Engine database 'engine'
- DWH database 'ovirt_engine_history'
Packing into file '/tmp/backup-test'
Notifying engine
Done.

# ls -l /tmp/backup-test*
-rw-r--r--. 1 root root 156955518 Apr 24 13:45 /tmp/backup-test
-rw-r--r--. 1 root root      3209 Apr 24 13:45 /tmp/backup-test.log

Let's assume some user could use a world-accessible dir as the destination directory, e.g. /tmp, thus the backup file could be readable by world.

It seems like changing umask could be enough, not tested at all.

Version-Release number of selected component (if applicable):
ovirt-engine-tools-backup-4.2.3-0.1.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. run engine-backup in backup mode
2. check unix rights (DAC) on the file

Actual results:
0644

Expected results:
'all' should not have 'r', maybe group too

Additional info:

Comment 1 Jiri Belka 2018-08-30 07:32:17 UTC
ok,

# rpm -qf `which engine-backup`
ovirt-engine-tools-backup-4.3.0-0.0.master.20180828114844.git0bc18b1.el7.noarch


# ls -l /tmp/backup*
-rw-------. 1 root root 864857 Aug 29 21:02 /tmp/backup-test
-rw-------. 1 root root   3239 Aug 29 21:02 /tmp/backup-test.log
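
The umask idea from the description and the mode check from comment 1, as an added shell example that is not part of the bug report and not engine-backup's own code. The function names `is_private`, `write_backup` and `audit_backups` and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from engine-backup.

# True when neither group nor others have any permission bit on the file.
# Reads columns 5-10 of the `ls -l` mode string (the group and other triplets).
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Write stdin to "$1" with owner-only access. Runs in a subshell, so the
# tightened umask never leaks into the caller.
write_backup() (
    umask 077                                 # applies to every file created below
    tmp=$(mktemp "$1.XXXXXX") || exit 1       # new file, mode 0600
    cat > "$tmp" || { rm -f -- "$tmp"; exit 1; }
    # rename() replaces an existing target, so a stale 0644 file from an
    # earlier run does not keep its old mode (a plain `> "$1"` would keep it).
    mv -f -- "$tmp" "$1"
)

# Print mode and path of each regular file that group or others can access.
audit_backups() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        is_private "$f" || printf '%s %s\n' "$(ls -ld -- "$f" | cut -c1-10)" "$f"
    done
}

# Constructed demo in a scratch directory.
demo_dir=$(mktemp -d) || exit 1
( umask 022; echo 'old backup' > "$demo_dir/backup-test" )   # the reported 0644 case
audit_backups "$demo_dir"/*                                   # flags backup-test
echo 'new backup' | write_backup "$demo_dir/backup-test"
audit_backups "$demo_dir"/*                                   # prints nothing
rm -rf -- "$demo_dir"
```

The pre-existing file case matters because truncating an existing 0644 file under a stricter umask leaves its mode unchanged.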

Comment 3 Sandro Bonazzola 2018-11-02 14:29:01 UTC
This bugzilla is included in oVirt 4.2.7 release, published on November 2nd 2018.

Since the problem described in this bug report should be resolved in oVirt 4.2.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Comment 4 Sandro Bonazzola 2018-11-02 14:59:40 UTC
Closed by mistake, moving back to qa -> verified

Comment 5 Sandro Bonazzola 2019-02-13 07:48:01 UTC
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.