Bug 988146
Summary: | When using non-default umask settings, rhevm-iso-uploader uploads images with incorrect permissions and VMs cannot access them | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Allie DeVolder <adevolder> | |
Component: | ovirt-engine-iso-uploader | Assignee: | Sandro Bonazzola <sbonazzo> | |
Status: | CLOSED ERRATA | QA Contact: | Ilanit Stein <istein> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 3.2.0 | CC: | acathrow, adevolder, cpelland, iheim, knesenko, kroberts, mgoldboi, Rhev-m-bugs, sbonazzo, yeylon | |
Target Milestone: | --- | Keywords: | ZStream | |
Target Release: | 3.3.0 | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | integration | |||
Fixed In Version: | rhevm-iso-uploader-3.3.0-0.1.master.el6ev | Doc Type: | Bug Fix | |
Doc Text: |
When using non-default umask settings (such as 077), rhevm-iso-uploader uploaded images with incorrect permissions, so virtual machines could not access the images. This has been fixed so that rhevm-iso-uploader sets the correct umask when renaming the temporary file to the destination file during upload, and prevents providing incorrect access permissions on systems with non-standard umask settings.
|
Story Points: | --- | |
Clone Of: | ||||
: | 990144 (view as bug list) | Environment: | ||
Last Closed: | 2014-01-21 16:31:14 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 990144 |
Description
Allie DeVolder
2013-07-24 20:49:24 UTC
I assume that image-uploader will be affected as well. The strange thing is that iso-uploader sets umask for having 0660 file access mode (copy_file method). Maybe it's not enough, since after the copy it seems that the file are renamed and that's done with system umask. I think that it's better to totally ignore the umask and use chmod on the file to ensure it's permissions. Hi Allan, can you confirm that the issue on iso-uploader affects only uploads done through NFS and not uploads done through SSH ? (In reply to Sandro Bonazzola from comment #1) > I think that it's better to totally ignore the umask and use chmod on the > file to ensure it's permissions. Can't chmod over NFS mounted domain. Will fix setting correct umask while renaming. Patch pushed on master branch for 3.3.0: upload: nfs: set correct umask while renaming set the correct umask while renaming the temporary file to destination file. Avoid to have incorrect access bits on systems with not standard umask (like 077) (setting again needinfo flag, removed accidentally in previous comment) (In reply to Sandro Bonazzola from comment #1) > I assume that image-uploader will be affected as well. image uploader should not be affected, no renaming after file copy. (In reply to Sandro Bonazzola from comment #2) > Hi Allan, can you confirm that the issue on iso-uploader affects only > uploads done through NFS and not uploads done through SSH ? I don't have a system I can reproduce this on, and the customer closed the case as soon as they discovered the permissions issue. I filed the bug because that shouldn't be normal behaviour. (In reply to Allan Voss from comment #6) > I don't have a system I can reproduce this on, and the customer closed the > case as soon as they discovered the permissions issue. I filed the bug > because that shouldn't be normal behaviour. Ok. no problem. I've checked the code and ssh upload uses chown on remote system so there can't be umask issue there. merged upstream master for 3.3.0. Verified on is9.1, same as bug 990144 verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0077.html |