Bug 1572277

Summary: [RFE] Avoid using sudo when using katello-backup
Product: Red Hat Satellite Reporter: Kenny Tordeurs <ktordeur>
Component: Backup & RestoreAssignee: Brad Buckingham <bbuckingham>
Status: CLOSED CURRENTRELEASE QA Contact: Lucie Vrtelova <lvrtelov>
Severity: low Docs Contact:
Priority: low    
Version: 6.2.14CC: ajoseph, bbuckingham, bkearney, daniele
Target Milestone: UnspecifiedKeywords: FutureFeature, Patch, RFE, Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-02 12:06:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kenny Tordeurs 2018-04-26 15:10:17 UTC
Description of problem:
In some companies that sudo rule is forbidden.

/usr/bin/katello-backup
~~~
...
def validate_directory
  unless system("sudo -u postgres test -w #{@dir}")
    puts "****cancelled****"
    puts "Postgres user needs write access to the backup directory"
    puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
    cleanup
  end
end
...
~~~

Version-Release number of selected component (if applicable):


Would also resolve the issue for:
https://bugzilla.redhat.com/show_bug.cgi?id=1540382

Proposed patch:
~~~
# gendiff /usr/bin/ .bkp
diff -up /usr/bin/katello-backup.bkp /usr/bin/katello-backup
--- /usr/bin/katello-backup.bkp	2018-04-26 15:25:34.514218862 +0100
+++ /usr/bin/katello-backup	2018-04-26 15:27:36.528155663 +0100
@@ -286,7 +286,7 @@ def backup_config_files
 end
 
 def validate_directory
-  unless system("sudo -u postgres test -w #{@dir}")
+  unless system("su - postgres -c 'test -w #{@dir}'")
     puts "****cancelled****"
     puts "Postgres user needs write access to the backup directory"
     puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
~~~

Comment 1 Kenny Tordeurs 2018-06-18 07:52:52 UTC
This issue is also present in Satellite 6.3

# satellite-backup --skip-pulp-content /home/backup/katello-backup-20181506
Starting backup: 2018-06-15 10:33:00 +0200
Creating backup folder /home/backup/katello-backup-20181506/satellite-backup-20180615103300
Sorry, user root is not allowed to execute '/bin/test -w /home/backup/katello-backup-20181506/satellite-backup-20180615103300' as postgres on satellite.example.com.
****cancelled**** 

=> Can be resolved with changes from comment 1

Comment 7 Kenny Tordeurs 2019-07-02 12:06:24 UTC
IMPORTANT: satellite-backup has been removed in favor of 'foreman-maintain backup'

I guess we can close this one as CURRENTRELEASE

https://github.com/theforeman/foreman_maintain/blob/master/definitions/checks/backup/directory_ready.rb#L14


~~~
module Checks::Backup
  class DirectoryReady < ForemanMaintain::Check
    metadata do
      description 'Check if the directory exists and is writable'
      tags :backup
      manual_detection
      param :backup_dir, 'Directory where to backup to', :required => true
      param :preserve_dir, 'Directory where to backup to', :flag => true, :default => false
    end

    def run
      assert(File.directory?(@backup_dir), "Backup directory (#{@backup_dir}) does not exist.")
      if feature(:instance).postgresql_local?
        result = system("runuser - postgres -c 'test -w #{@backup_dir}'")
        assert(result, "Postgres user needs write access to the backup directory \n" \
          "Please allow the postgres user write access to #{@backup_dir}" \
          ' or choose another directory.')
      end
    end
  end
end

~~~