| Summary: | Umask for user "oracle" on RHEL6 is changed to 0002 | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Dimitar Yordanov <dyordano> |
| Component: | Server | Assignee: | Jan Pazdziora <jpazdziora> |
| Status: | CLOSED DEFERRED | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 541 | CC: | jpazdziora |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-04-22 15:06:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 462714 | ||
|
Description
Dimitar Yordanov
2011-05-25 14:27:28 UTC
On RHEL 5, the umask does not get changed from root's umask at all: # umask 0021 # su - oracle -c 'umask' 0021 On RHEL 6, it is set to 002 in /etc/profile. But the change is not really specific -- you will see the same behaviour for any other system account you create. Does it cause any harm? Hi Jan, I think there is a potential security issue especially in the case when RHN-Satellite shares the Oracle Database with other applications and more than one Oracle instance exists. Let's have the case when every instalce runs under its own ORA_USER* and all ORA_USER* are in the DBA group. This means that if there is a security whole in some other application and a malicious user manage to execute some code as ORA_USER* this code can modify RHN-Satellite files as well. I could be wrong but this is the way I think. But we don't support multiple embedded Oracle installations, nor any non-Satellite use of the machine on which the Satellite with embedded Oracle is installed, do we? No, we do not support. I guess I had in mind external oracle but we have no control there. We don't have any immediate plans to change the behaviour that RHEL sets as default for one system account that we create and use in Satellite. Closing as such. |