Bug 235986

Summary: kdump propagate create authorized_keys2 with 664 permission
Product: Red Hat Enterprise Linux 5 Reporter: masanari iida <masanari_iida>
Component: kexec-toolsAssignee: Neil Horman <nhorman>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0548 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 18:02:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description masanari iida 2007-04-11 08:28:19 UTC 
Description of problem:
When I configure kdump with scp, I execute "service kdump propagate".
It succesfully propagate key into ~/.ssh/authorized_keys2 file.
But the file permission is not properly changed to 600.
So I failed to start "service kdump start" in the next step.

Version-Release number of selected component (if applicable):

# rpm -qa |grep kexec
kexec-tools-1.101-164.el5


How reproducible:
Always when I configure kdump with scp.


Steps to Reproduce:
1. Configure /etc/kdump.conf  as  kdump with scp.
2. Create an account on kdump scp destination box.
3. Execute    # service kdump propagate 

  
Actual results:
kdump script create ~/.ssh/authorized_keys2 file with permission 664.

# ls -l
total 4
-rw-rw-r--  1 kdump kdump 408 Apr 11 17:00 authorized_keys2


In /var/log/secure, when I start "service kdump start"
Apr 11 16:41:52 abc123 sshd[12083]: Authentication refused: bad ownership or
modes for file /home/kdump/.ssh/authorized_keys2


Expected results:
kdump script create ~/.ssh/authorized_keys2 file with permission 600.
# ls -l
total 4
-rw-------  1 kdump kdump 408 Apr 11 17:03 authorized_keys2


Additional info:

Following line in /etc/init.d/kdump cause the problem.

        cat $KEYFILE | ssh -x $SSH_USER@$SSH_SERVER "mkdir -p ~$SSH_USER/.ssh;
chmod 700 ~$SSH_USER/.ssh;  cat >> ~$SSH_USER/.ssh/authorized_keys2"


Fix.
        cat $KEYFILE | ssh -x $SSH_USER@$SSH_SERVER "mkdir -p ~$SSH_USER/.ssh;
chmod 700 ~$SSH_USER/.ssh;  cat >> ~$SSH_USER/.ssh/authorized_keys2; chmod 600
~$SSH_USER/.ssh/authorized_keys2"
Comment 1 Neil Horman 2007-04-11 13:32:58 UTC 
sounds reasonable.  If I can have a pm/qe ack on this I would appreciate it.
Comment 2 RHEL Program Management 2007-04-11 13:43:26 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Neil Horman 2007-05-08 15:28:08 UTC 
fixed in -171.el5.  Thanks!
Comment 8 errata-xmlrpc 2007-11-07 18:02:58 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0548.html