Bug 426430

Summary: oddjob should follow useradd policy in file permissions
Product: Red Hat Enterprise Linux 5 Reporter: Michal Nowak <mnowak>
Component: oddjobAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 5.2CC: ohudlick, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-22 11:13:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Nowak 2007-12-20 23:21:27 UTC 
Description of problem:

The permissions results of files in ~user produced by oddjob (having
UMASK=0000) and by useradd (having UMASK=000) are different

.qa.[root@x86-64-5-1client tps]# useradd -K UMASK=000 -m -g tulpas tulpas

.qa.[root@x86-64-5-1client tps]# ls -la /home/tulpas/
total 64
drwxrwxrwx 3 tulpas tulpas 4096 Dec 18 03:48 .
drwxr-xr-x 6 root   root   4096 Dec 18 03:48 ..
-rw-r--r-- 1 tulpas tulpas   24 Dec 18 03:48 .bash_logout
-rw-r--r-- 1 tulpas tulpas  176 Dec 18 03:48 .bash_profile
-rw-r--r-- 1 tulpas tulpas  124 Dec 18 03:48 .bashrc
-rw-r--rw- 1 tulpas tulpas  515 Dec 18 03:48 .emacs
drwxr-xr-x 3 tulpas tulpas 4096 Dec 18 03:48 .kde
-rw-r--r-- 1 tulpas tulpas  658 Dec 18 03:48 .zshrc

.qa.[root@x86-64-5-1client tps]# oddjob_request mkhomedirfor tulpasek
Creating home directory for tulpasek.

.qa.[root@x86-64-5-1client tps]# ll -la /home/tulpasek/
total 64
drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .
drwxr-xr-x 6 root     root     4096 Dec 18 03:27 ..
-rw-r--r-- 1 tulpasek tulpasek   24 Dec 18 03:27 .bash_logout
-rw-r--r-- 1 tulpasek tulpasek  176 Dec 18 03:27 .bash_profile
-rw-r--r-- 1 tulpasek tulpasek  124 Dec 18 03:27 .bashrc
-rw-r--rw- 1 tulpasek tulpasek  515 Dec 18 03:27 .emacs
drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .kde
-rw-r--r-- 1 tulpasek tulpasek  658 Dec 18 03:27 .zshrc


Notes:
 * .emacs is having the same permissions as in /etc/skel
 * see: 

useradd:  drwxrwxrwx 3 tulpas   tulpas   4096 Dec 18 03:48 .
oddjob:   drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .


Result:
From my POV useradd does what I want (chmod 0777 on my ~). oddjob does not, the
intended behavior is of course on you. 

Version-Release number of selected component (if applicable):

oddjob-0.27-9.el5.i386

How reproducible:
allways

Steps to Reproduce:
1.
2.
3.
  
Actual results:

Maximal permission is set according to permissions of the original file.

Expected results:

oddjob should follow same policy as useradd in case of permissions of created files.


Additional info:

"oddjob should user give user the rope even if he might hang himself. "
Comment 1 Nalin Dahyabhai 2007-12-21 15:51:03 UTC 
I'd lean against this but I'm willing to be convinced.

Question: how is a hard-coded initial mode of 0777 (what useradd does) a better
choice than using the mode of /etc/skel (which is what oddjob currently does)? 
The only thing I can come up with is that marking a directory in /etc
world-writable is a terrible idea, but I'm having a hard time thinking that
doing the same for a home directory isn't....

CCing the shadow-utils package maintainer to get his opinion.
Comment 2 Michal Nowak 2008-07-22 11:13:25 UTC 
Let's close this one, don't have anything to add.