Bug 621902
| Summary: | Permissions not set correctly on key pair file | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Steve Reichard <sreichar> |
| Component: | condor | Assignee: | Matthew Farrellee <matt> |
| Status: | CLOSED ERRATA | QA Contact: | Luigi Toscano <ltoscano> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1.2 | CC: | bressers, ltoscano, matt, twilkins, vdanen |
| Target Milestone: | 1.3 | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Using the MRG Grid to spawn Amazon EC2 instances, when attempting to use the generated key pair which is pointed to by the 'AMAZON_KEYPAIR_FILE' variable, a 'bad permissions' error was returned. The ssh private key file that allowed logging into the EC2 instance was being written with global 'read' permissions. With this update, only the owner has 'read' permission.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-10-14 16:14:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Steve Reichard
2010-08-06 13:04:15 UTC
commit e7f1cfa5da9e379538efbea33a69372b0e88d033
Author: Jaime Frey <jfrey@>
Date: Fri Jul 16 12:32:32 2010 -0500
Fix permissions on ssh private key file for amazon ec2 jobs. #1508
The ssh private key file that allows logging into the ec2 instance
was being written with global read permissions. Now, only the owner
has read permission.
...
--- a/src/condor_amazon/gsoap_commands.cpp
+++ b/src/condor_amazon/gsoap_commands.cpp
@@ -319,7 +319,7 @@ AmazonVMCreateKeypair::gsoapRequest(void)
// check if output file could be created
if( has_outputfile ) {
- if( check_create_file(outputfile.Value()) == false ) {
+ if( check_create_file(outputfile.Value(), 0600) == false ) {
m_error_msg = "No_permission_for_keypair_outputfile";
dprintf(D_ALWAYS, "AmazonVMCreateKeypair Error: %s\n", m_error_msg.Value())
return false;
@@ -343,7 +343,7 @@ AmazonVMCreateKeypair::gsoapRequest(void)
if( has_outputfile ) {
FILE *fp = NULL;
- fp = safe_fopen_wrapper(outputfile.Value(), "w");
+ fp = safe_fopen_wrapper(outputfile.Value(), "w", 600);
if( !fp ) {
m_error_msg.sprintf("failed to safe_fopen_wrapper %s in write mode:
"safe_fopen_wrapper returns %s",
Fix built in condor 7.4.4-0.5 The permissions of the generated keyfile are now (at least) 600. Verified on RHEL5.5, i386/x86_64. condor-7.4.4-0.9
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Using the MRG Grid to spawn Amazon EC2 instances, when attempting to use the generated key pair which is pointed to by the 'AMAZON_KEYPAIR_FILE' variable, a 'bad permissions' error was returned. The ssh private key file that allowed logging into the EC2 instance was being written with global 'read' permissions. With this update, only the owner has 'read' permission.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0773.html |