|Summary:||Change package permissions to rw-r--r--|
|Product:||[Community] Spacewalk||Reporter:||Justin Sherrill <jsherril>|
|Component:||Server||Assignee:||Pradeep Kilambi <pkilambi>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Red Hat Satellite QA List <satellite-qa-list>|
|Version:||0.1||CC:||bperkins, cperry, dgoodwin|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|:||484475 (view as bug list)||Environment:|
|Last Closed:||2009-09-17 06:59:38 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
Description Justin Sherrill 2008-07-24 17:50:53 UTC
When porting the package download from perl to java, tomcat will need to be able to read all of the pacakges, but sat-sync and rhnpush currently marks the packages as 640 with apache:root ownership. This needs to be changed to 644.
Comment 1 Clifford Perry 2008-08-01 18:46:21 UTC
Any other viable options? - Make tomcat user in the apache group *and* then change sat-sync code to write stuff: 0640 apache:apache from 0640 apache:root Does 'root' need this access at group level to the files? Making the files globally readable by change: 0644 is less of a change to do, less risky in code, but does expose the entire /var/satellite/ contents to any normal user on that has ssh access, but is this a problem, most likely not. So, 0644 sounds fine, I think the risk exposure is minimal. Pretty sure this is a one liner to change: satellite_tools/syncLib.py: setPermsPath(self.full_path, user='apache', group='root', chmod=0640) *if* we make a change, we will need as part of upgrade process, a separate bug to track and if needed as part of upgrade change permissions. Cliff
Comment 2 Pradeep Kilambi 2008-08-01 19:12:37 UTC
fixed and upgrade process already handles this perms update.
Comment 3 Devan Goodwin 2008-09-05 15:44:28 UTC
Verified in spacewalk 0.2. Packages are being stored with 0644. (-rw-r--r--)
Comment 5 Miroslav Suchý 2009-09-17 06:59:38 UTC
Spacewalk is released for long time.