Bug 702125

Summary: should create directories/files only in directories owned by RPM package
Product: [Retired] Dogtag Certificate System Reporter: John Dennis <jdennis>
Component: Installer (pkicreate/pkiremove)Assignee: Matthew Harmsen <mharmsen>
Status: CLOSED EOL QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: high    
Version: 9.0CC: alee
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-27 18:40:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 696390    

Description John Dennis 2011-05-04 20:24:09 UTC 
We create directories using the name of the instance under /var/lib and /var/log. But we don't own those directories, they are a shared system resource. There is nothing which prevents path name collisions with other RPM packages. We should only create our instance data in directories owned by our RPM package. We already do this with /usr/share/pki and /etc/sysconfig/pki. We should follow the same pattern and create /var/lib/pki and /var/log/pki in the RPM and then locate the instance directories under the package specific (e.g. pki) subdirectory. 

I haven't checked if there might be other files/directories we create which are in locations not owned by us but we should do a check by examining the install log and/or installation manifest. I'm aware of at least one file we create in a directory we do not own (/etc/sysconfig/<instance>) which is the tomcat6 configuration file, but we can't change that, it's convention used by tomcat6.

FWIW this problem was observed when trying to clean up some of the tomcat6 log file issues in bug 695284 and bug 701759 (one is a clone of the other)