Bug 115251 - ccm load can't write to /etc/ccm/conf
Summary: ccm load can't write to /etc/ccm/conf
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Web Application Framework
Classification: Retired
Component: installation
Version: nightly
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dennis Gregorovic
QA Contact: Jon Orris
URL:
Whiteboard:
Depends On:
Blocks: 113496
Reported: 2004-02-09 17:43 UTC by Daniel Berrangé
Modified: 2007-04-18 17:02 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-03-05 20:58:09 UTC
Embargoed:



Description Daniel Berrangé 2004-02-09 17:43:07 UTC
Description of problem:
The ccm load command runs as servlet, but the /etc/ccm/conf directory
is owned by root, thus it is unable to create the config registry
files. We need to make this directory writable by 'servlet'. Doing
this, however, introduces a security risk because the servlet can now
overwrite the resin.conf and log4j.properties files. Thus these two
files need to be moved elsewhere.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Daniel Berrangé 2004-02-09 17:44:24 UTC
In fact I'd question whether the /etc/ccm/conf directory should be
writable by the servlet container at all - only the 'ccm set' or 'ccm
load' commands ever change the config properties. 


Comment 2 Dennis Gregorovic 2004-02-09 18:34:21 UTC
40193 and 40195 introduce fixes to make /etc/ccm/conf writable by the
servlet user.  However, as Dan points out in comment #1, this could
introduce a security risk.  I'll post some more thoughts this afternoon.


Comment 3 Dennis Gregorovic 2004-02-23 22:04:12 UTC
Fixed at @40709.  That checkin also includes a description of the new
filesystem permissions.
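
The risk raised in the description and comment 1, as an added example that is not part of the original bug report or the project's code: on POSIX systems, write permission on a directory lets an account remove and recreate files in it even when the files themselves are root-owned and not writable, which is why opening /etc/ccm/conf to 'servlet' exposes resin.conf and log4j.properties. The uid/gid values, owners, modes and the file name registry.properties are constructed assumptions; ACLs, read-only mounts and root's override are not modelled.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the logic can be exercised without root.
Meta = namedtuple("Meta", "mode uid gid")

def _grants(meta, uid, gids, want):
    """Owner/group/other check for permission bits `want` (0o2 = write)."""
    shift = 6 if meta.uid == uid else 3 if meta.gid in gids else 0
    return ((meta.mode >> shift) & want) == want

def audit(dir_meta, files, uid, gids):
    """Map each file name to the ways `uid` can change it: 'write', 'replace'."""
    # Removing or renaming an entry needs write+search (0o3) on the directory,
    # not write permission on the file itself.
    dir_wx = _grants(dir_meta, uid, gids, 0o3)
    sticky = bool(dir_meta.mode & stat.S_ISVTX)
    report = {}
    for name, meta in files.items():
        ways = set()
        if _grants(meta, uid, gids, 0o2):
            ways.add("write")
        # Sticky bit: only the owner of the file or of the directory may remove it.
        if dir_wx and (not sticky or uid in (meta.uid, dir_meta.uid)):
            ways.add("replace")
        report[name] = ways
    return report

def audit_path(path, uid, gids):
    """Run the same check against a real directory (regular files only)."""
    def meta(p, follow=True):
        st = os.stat(p, follow_symlinks=follow)
        return Meta(st.st_mode, st.st_uid, st.st_gid)
    files = {e.name: meta(e.path, False) for e in os.scandir(path)
             if e.is_file(follow_symlinks=False)}
    return audit(meta(path), files, uid, gids)

# Constructed sample data: ids, owners and modes are assumptions, and
# registry.properties is a hypothetical name for a config registry file.
SERVLET_UID, SERVLET_GIDS = 91, {91}
FILES = {
    "resin.conf": Meta(0o100644, 0, 0),
    "log4j.properties": Meta(0o100644, 0, 0),
    "registry.properties": Meta(0o100664, 0, 91),
}
ROOT_ONLY = Meta(0o040755, 0, 0)        # directory owned by root, as reported
GROUP_WRITABLE = Meta(0o040775, 0, 91)  # directory made writable by 'servlet'
STICKY = Meta(0o041775, 0, 91)          # same, with the sticky bit set
```

Calling `audit(GROUP_WRITABLE, FILES, SERVLET_UID, SERVLET_GIDS)` reports resin.conf and log4j.properties as replaceable although neither file is writable by the account; `audit_path` applies the same check to a live directory.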

