Bug 61537

Summary: Permissions problem with /etc/sysconfig/rhn/up2date.rpmnew
Product: [Retired] Red Hat Linux Reporter: Need Real Name <jms>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED NOTABUG QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: gafton, mihai.ibanescu, srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-12-28 14:12:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2002-03-21 06:06:52 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-21 i686)

Description of problem:
The /etc/sysconfig/rhn/up2date file is installed with 600 permissions. But the
upgrade of the package creates a file /etc/sysconfig/rhn/up2date.rpmnew with 644
permissions. If the original file is supposed to have 600 permissions shouldn't
the .rpmnew file also have 600 permissions?

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1. Run the up2date command to update the up2date package.
2.
3.
	

Additional info:
Comment 1 Adrian Likins 2002-03-21 22:50:50 UTC 
up2date is mainly 600 because it could possibly contain proxy user/pass
info.

But since the standard up2date config doesnt include this, it should
be okay.
Comment 2 Adrian Likins 2002-05-08 20:53:43 UTC 
of course, this sounds like a potential rpm bug, so reassigning there.
Comment 3 Jeff Johnson 2002-12-28 14:12:42 UTC 
Permissions on *.rpmnew don't matter a bit, as the
file can be extracted from the package payload
using any convenient means where file permissions
are meaningless.

Note that the permissions are 600 because the file
may be locally modified.