Bug 1833664

Summary: Regression in default file permission in RHEL 8.x as compared to RHEL 7.x when file is generated via a program run via su
Product: Red Hat Enterprise Linux 8
Reporter: Ashish Kumar Singh <ashishkumar.singh>
Component: shadow-utils
Assignee: Iker Pedrosa <ipedrosa>
Status: CLOSED DUPLICATE
QA Contact: sssd-qe <sssd-qe>
Severity: urgent
Priority: medium
Version: 8.1
CC: ashishkumar.singh, dapospis, pbrezina, pzhukov, tmraz
Target Milestone: rc
Target Release: 8.0
Hardware: All
OS: Linux
Last Closed: 2020-05-11 07:37:27 UTC Type: Bug

Description Ashish Kumar Singh 2020-05-09 13:16:17 UTC
Steps to Reproduce:

Below is a simple reproduction showing the umask difference regression using CentOS Docker images. The same holds true for Red Hat-based images.

ashish@BLRMAC57-4 ~ % docker run centos:7 umask             
0022
ashish@BLRMAC57-4 ~ % docker run centos:8 umask             
0022
ashish@BLRMAC57-4 ~ % docker run centos:7 su root -c umask
0022
ashish@BLRMAC57-4 ~ % docker run centos:8 su root -c umask
0077
ashish@BLRMAC57-4 ~ % 




Actual results:
Umask in CentOS 8 when a command is run under su is 0077

Expected results:
It should be 0022

Additional info:

This breaks the default permissions of files in the 8.x series of the OS vs. the 7.x series when a program impersonates a user to write a file.

Comment 1 Pavel Zhukov 2020-05-09 21:32:12 UTC
(In reply to Ashish Kumar Singh from comment #0)

> Below is a simple reproduction showing umask difference regression using
> centos docker images. same holds true for redhat based images.
> 
> ashish@BLRMAC57-4 ~ % docker run centos:7 umask             
> 0022
> ashish@BLRMAC57-4 ~ % docker run centos:8 umask             
> 0022
> ashish@BLRMAC57-4 ~ % docker run centos:7 su root -c umask
> 0022
> ashish@BLRMAC57-4 ~ % docker run centos:8 su root -c umask
> 0077
It's set from /etc/login.defs. Reassigned to shadow-utils for further investigation.
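
An added example, not part of the original bug report or of shadow-utils: since the comment above traces the value to /etc/login.defs, this script reads UMASK from a login.defs-style file and reports the file and directory modes it produces against the value a workload expects. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): read UMASK from a login.defs-style
# file and show which default modes it yields for new files and directories.

# Print the last active (uncommented) octal UMASK value in file $1; fail if none.
login_defs_umask() {
    awk '$1 == "UMASK" && $2 ~ /^[0-7]+$/ { v = $2 }
         END { if (v == "") exit 1; print v }' "$1"
}

# Print base & ~umask as three octal digits.
# $1 = umask, $2 = base mode (666 for files, 777 for directories).
mode_for_umask() {
    case "$1$2" in *[!0-7]*) echo "not octal: $1 $2" >&2; return 2 ;; esac
    printf '%03o\n' "$(( 0$2 & ~0$1 & 0777 ))"
}

# Compare the file's UMASK with the value the workload expects ($2).
# Prints one report line; returns 0 on match, 1 on mismatch or missing key.
check_umask() {
    found=$(login_defs_umask "$1") || { echo "no UMASK in $1"; return 1; }
    line="UMASK $found: files $(mode_for_umask "$found" 666), dirs $(mode_for_umask "$found" 777)"
    # Compare numerically so 022 and 0022 count as equal.
    if [ "$(( 0$found ))" -eq "$(( 0$2 ))" ]; then
        echo "OK $line"
    else
        echo "MISMATCH $line (expected $2)"; return 1
    fi
}

# Constructed sample input: a login.defs fragment carrying the stricter value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sample, not copied from a real system
#UMASK          022
UMASK           077
EOF
check_umask "$sample" 0022 || true
rm -f "$sample"
```

On a live host, pass /etc/login.defs as the first argument and compare the result with the output of `su root -c umask`, the command used in the report.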

Comment 2 Iker Pedrosa 2020-05-11 07:37:27 UTC
This bug is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1777718, which will be fixed in RHEL 8.3.

*** This bug has been marked as a duplicate of bug 1777718 ***