Bug 836984

Summary: /var/log/osad is created with wrong permission
Product: Red Hat Satellite 5 Reporter: Jan Pazdziora <jpazdziora>
Component: ClientAssignee: Jan Pazdziora <jpazdziora>
Status: CLOSED CURRENTRELEASE QA Contact: Jiří Mikulka <jmikulka>
Severity: medium Docs Contact:
Priority: medium    
Version: 541CC: cperry, jmikulka, jpazdziora, mkollar, mmello
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: osad-5.11.14-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 818328
: 884788 (view as bug list) Environment:
Last Closed: 2013-10-01 21:56:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 818328    
Bug Blocks: 924232    
Attachments:
Description Flags
Patch proposed
none
Patch proposed
none
Patch proposed v2 none

Description Jan Pazdziora 2012-07-02 12:28:57 UTC 
+++ This bug was initially created as a clone of Bug #818328 +++

Description of problem:

 /var/log/osad is created with wrong permission when not able to connect against OSAD server

Version-Release number of selected component (if applicable):
osad-5.9.38-1

How reproducible:
100%

Steps to Reproduce:
1. # yum install osad -y
2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP
3. # service osad restart (raise exception)
4  # ls -la /var/log/osad  (created with wrong permission)
-rw-rw-rw- 1 root root 94 May  2 15:01 /var/log/osad


Actual results:

 File is created with wrong permission

Expected results:

 Create file with the expected permission

--- Additional comment from mmello on 2012-05-02 21:19:17 CEST ---


  Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream. 

$ git show cdee7358
commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7
Author: Miroslav Suchý <msuchy>
Date:   Wed Feb 29 16:38:31 2012 +0100

    log file may contain password, set chmod to 600

diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec
index 2cb7c9a..9cbc062 100644
--- a/client/tools/osad/osad.spec
+++ b/client/tools/osad/osad.spec
@@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {}
 %attr(755,root,root) %{_initrddir}/osad
 %doc LICENSE
 %config(noreplace) %{_sysconfdir}/logrotate.d/osad
-%ghost %attr(644,root,root) %{_var}/log/osad
+%ghost %attr(600,root,root) %{_var}/log/osad
 %if 0%{?suse_version}
 # provide directories not owned by any package during build
 %dir %{rhnroot}
diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py
index d87788c..acb4166 100644
--- a/client/tools/osad/src/rhn_log.py
+++ b/client/tools/osad/src/rhn_log.py
@@ -40,6 +40,7 @@ class Logger:
             if not Logger.logfile is None:
                 try:
                     file = open( Logger.logfile, 'a' )
+                    os.chmod(Logger.logfile, 0600)
                     file.write( outstring )
                     file.close()
                 except IOError:



  Since already is fixed, changing status to MODIFIED

--- Additional comment from jpazdziora on 2012-06-25 17:49:45 CEST ---

Note to self:

This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.
Comment 1 Marcelo Moreira de Mello 2012-12-05 13:57:31 UTC 
Taking
Comment 2 Marcelo Moreira de Mello 2012-12-06 17:46:09 UTC 
Created attachment 658907 [details]
Patch proposed


  Hello, 

     Patch already submitted to approval on spacewalk-devel mailing list. 

     https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html

   Thank you. 

Best,
mmello
Comment 3 Marcelo Moreira de Mello 2012-12-06 17:48:28 UTC 
 Cloned to 884788 and marking to Spacewalk
Comment 4 Marcelo Moreira de Mello 2012-12-06 18:01:35 UTC 
Created attachment 658931 [details]
Patch proposed


   Better looking patch
Comment 5 Jan Pazdziora 2012-12-07 07:12:04 UTC 
Making bugzilla public.
Comment 6 Marcelo Moreira de Mello 2012-12-07 18:28:23 UTC 
Created attachment 659532 [details]
Patch proposed v2

Patch proposed v2
Comment 7 Jan Pazdziora 2012-12-10 11:44:05 UTC 
(In reply to comment #6)
> Created attachment 659532 [details]
> Patch proposed v2

Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a.
Comment 10 Clifford Perry 2013-10-01 21:56:57 UTC 
Satellite 5.6 has been released. This bug was tracked under the release.  

This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly
before release). 

Moving to CLOSED CURRENT_RELEASE. 

Text from Upgrade Erratum follows:

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1395.html