Bug 884788

Summary: /var/log/osad is created with wrong permission
Product: [Community] Spacewalk Reporter: Marcelo Moreira de Mello <mmello>
Component: ClientsAssignee: Marcelo Moreira de Mello <mmello>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.8CC: cperry, jpazdziora, mkollar, mmello
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 836984 Environment:
Last Closed: 2013-03-06 18:34:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 917805    
Attachments:
Description Flags
Patch proposed
none
Patch proposed
none
Patch proposed v2 none

Description Marcelo Moreira de Mello 2012-12-06 17:47:04 UTC 
+++ This bug was initially created as a clone of Bug #836984 +++

+++ This bug was initially created as a clone of Bug #818328 +++

Description of problem:

 /var/log/osad is created with wrong permission when not able to connect against OSAD server

Version-Release number of selected component (if applicable):
osad-5.9.38-1

How reproducible:
100%

Steps to Reproduce:
1. # yum install osad -y
2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP
3. # service osad restart (raise exception)
4  # ls -la /var/log/osad  (created with wrong permission)
-rw-rw-rw- 1 root root 94 May  2 15:01 /var/log/osad


Actual results:

 File is created with wrong permission

Expected results:

 Create file with the expected permission

--- Additional comment from mmello on 2012-05-02 21:19:17 CEST ---


  Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream. 

$ git show cdee7358
commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7
Author: Miroslav Suchý <msuchy>
Date:   Wed Feb 29 16:38:31 2012 +0100

    log file may contain password, set chmod to 600

diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec
index 2cb7c9a..9cbc062 100644
--- a/client/tools/osad/osad.spec
+++ b/client/tools/osad/osad.spec
@@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {}
 %attr(755,root,root) %{_initrddir}/osad
 %doc LICENSE
 %config(noreplace) %{_sysconfdir}/logrotate.d/osad
-%ghost %attr(644,root,root) %{_var}/log/osad
+%ghost %attr(600,root,root) %{_var}/log/osad
 %if 0%{?suse_version}
 # provide directories not owned by any package during build
 %dir %{rhnroot}
diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py
index d87788c..acb4166 100644
--- a/client/tools/osad/src/rhn_log.py
+++ b/client/tools/osad/src/rhn_log.py
@@ -40,6 +40,7 @@ class Logger:
             if not Logger.logfile is None:
                 try:
                     file = open( Logger.logfile, 'a' )
+                    os.chmod(Logger.logfile, 0600)
                     file.write( outstring )
                     file.close()
                 except IOError:



  Since already is fixed, changing status to MODIFIED

--- Additional comment from jpazdziora on 2012-06-25 17:49:45 CEST ---

Note to self:

This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.

--- Additional comment from Marcelo Moreira de Mello on 2012-12-05 11:57:31 BRST ---

Taking

--- Additional comment from Marcelo Moreira de Mello on 2012-12-06 15:46:09 BRST ---

Created attachment 658907 [details]
Patch proposed


  Hello, 

     Patch already submitted to approval on spacewalk-devel mailing list. 

     https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html

   Thank you. 

Best,
mmello
Comment 1 Marcelo Moreira de Mello 2012-12-06 17:47:50 UTC 
Created attachment 658908 [details]
Patch proposed
Comment 2 Marcelo Moreira de Mello 2012-12-06 18:02:08 UTC 
Created attachment 658932 [details]
Patch proposed


  Better looking patch
Comment 3 Marcelo Moreira de Mello 2012-12-07 18:27:31 UTC 
Created attachment 659531 [details]
Patch proposed v2



   Patch proposed v2
Comment 4 Marcelo Moreira de Mello 2012-12-10 14:45:48 UTC 
Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a.

  See https://bugzilla.redhat.com/show_bug.cgi?id=836984#c7
Comment 5 Stephen Herr 2013-03-01 17:07:07 UTC 
Marking bug as ON_QA since tonight's build of Spacewalk nightly is a release candidate for Spacewalk 1.9.
Comment 6 Stephen Herr 2013-03-06 18:34:30 UTC 
Spacewalk 1.9 has been released.

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19