From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040224 Description of problem: We set the umask of users via a script in /etc/profile.d/ Basically users -gt 99 get 0077 and -lt 0022. This we do for security. Issue is when you run up2date via console helper, the users umask of 0077. With most RPMS, this causes no problems, as the permissions files in RPMS are predefined. In rhel3 update2 preview, the gnome-panel update, runs gconftool2 at post, when a user has a umask of 0077 this causes some files in /etc/gconf to unreadable to users (retaining the 0077 umask). Causes the gnome-panel to freeze after logging out/ logging in. It may be wise to add some sort of default umask to up2date so this does not occur. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. set user umask to 0077 2. configure a yum server, add gnome-panel update to it 3. run up2date, install gnome-panel update Additional info:
Thanks for your report. Unfortunately there seems to be no practical way to make sure the umask is "correct". Some system administrators set up their systems to use 077 for the root user only (not for regular users), so hard-coding 022 or 002 in usermode would be explicitly dictating a policy contrary to the system administrator's wishes. Ideally, userhelper would interpret the /etc/profile.d/* scripts to use the same umask that is used by other processes run as root; this can't be done for security reasons. The specific problem with rpm scriptlets would probably be best solved by enforcing an umask within rpm to the 022 or 002 value expected by some scriptlets, or by auditing all scriptlets to make sure they don't depend on the default umask value. One of these changes will probably be implemented within Fedora and should eventually be available in RHEL.
*** Bug 214359 has been marked as a duplicate of this bug. ***