Bug 836174

Summary: oddjobd-mkhomedir.conf -- unexpected directory permissions with explicit umask
Product: Red Hat Enterprise Linux 6 Reporter: Eugene E <geichel>
Component: oddjobAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: pkis
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-06 11:51:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eugene E 2012-06-28 09:35:43 UTC 
Description of problem:
Setting umask in oddjobd-mkhomedir.conf yields only partial results:


Version-Release number of selected component (if applicable):
pam-1.1.1-10.el6_2.1.x86_64
oddjob-0.30-5.el6.x86_64
oddjob-mkhomedir-0.30-5.el6.x86_64


How reproducible: unknown, tested on single system only.


Steps to Reproduce:
1. Install system
2. configure system to use LDAP for account info
3. configure to use sssd & oddjob-mkhomedir
  
Actual results:
Umask setting in oddjob-mkhomedir.conf yields following test results:
0000 drwxr-xr-x.
0007 drwxr-x---.
0017 drwxr-----.
0027 drwxr-x---.
0037 drwxr-----.
0047 drwx--x---.
0057 drwx------.
0067 drwx--x---.
0077 drwx------.
 002 drwxr-xr-x.

Expected results:
002 drwxrwxr-x

Additional info:
The mystery permission inheritance seems to be from /etc/skel. Modifying /etc/skel permissions was a work-around for us to get the desired permissions for home accounts.
Comment 2 Nalin Dahyabhai 2012-07-30 16:10:32 UTC 
The permissions on the newly-created files and directories generally mimic those of the source directories in /etc/skel.  The umask controls which permission bits are removed when determining permissions for the newly-created files and directories.

If we set them all to match the umask value (or rather, 0777 with the umask's bits removed), then it wouldn't be possible to vary the permissions of individual files or directories in the skeleton directory.

I'm inclined to mark this won't-fix as a result.
Comment 3 RHEL Program Management 2012-09-07 05:31:14 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 4 Jan Kurik 2017-12-06 11:51:03 UTC 
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/