Bug 678621
| Summary: | Running cumin apps as root user can cause permission problems if log files are created. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Trevor McKay <tmckay> |
| Component: | cumin | Assignee: | Trevor McKay <tmckay> |
| Status: | CLOSED ERRATA | QA Contact: | Jan Sarenik <jsarenik> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 1.3 | CC: | iboverma, jsarenik |
| Target Milestone: | 2.0 | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | cumin-0_1_4552-1_el5 | Doc Type: | Bug Fix |
| Doc Text: |
Cause
If a cumin application such as cumin-admin or cumin-web is run as the "root" user and it creates a log file in $CUMIN_HOME/log, the log file will be owned by the "root" user and will not be writable by the "cumin" user.
Consequence
Cumin applications run as the "cumin" user that write to such log files will raise exceptions and exit. This applies to the cumin service when started with /sbin/service cumin start.
Fix
If a cumin application run as the "root" user creates a log file, the file's ownership will be changed to match the ownership of the containing directory.
Result
Since the ownership of $CUMIN_HOME/log is set to the "cumin" user at installation, any cumin applications that create log files in $CUMIN_HOME/log will set ownership of those log files to the "cumin" user.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-23 15:41:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 693778 | ||
|
Description
Trevor McKay
2011-02-18 16:07:00 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause
If a cumin application such as cumin-admin or cumin-web is run as the "root" user and it creates a log file in $CUMIN_HOME/log, the log file will be owned by the "root" user and will not be writable by the "cumin" user.
Consequence
Cumin applications run as the "cumin" user that write to such log files will raise exceptions and exit. This applies to the cumin service when started with /sbin/service cumin start.
Fix
If a cumin application run as the "root" user creates a log file, the file's ownership will be changed to match the ownership of the containing directory.
Result
Since the ownership of $CUMIN_HOME/log is set to the "cumin" user at installation, any cumin applications that create log files in $CUMIN_HOME/log will set ownership of those log files to the "cumin" user.
Also added logging for cumin-admin back in, which had been removed because of this problem. cumin-admin now logs to admin.log, instead of data.log as previous. Verified in all versions since cumin-0_1_4552-1_el5 up to cumin-0.1.4683-1.el5 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0889.html |