Red Hat Bugzilla – Bug 129876
incorrect permissions set on /etc/localtime
Last modified: 2007-11-30 17:07:03 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116
Description of problem:
When the date/time configuration applet is run, the permissions on
/etc/localtime can be incorrectly set so that "others" cannot read the
file. This leads to the date being incorrectly reported since the
correct timezone cannot be read.
The problem seems to be associated with the user's umask. I have a
default umask of 007. When I run the date/time applet, I am queried
to enter the root password. After this, if I allow the applet to set
the current time, then permissions on /etc/localtime is set to 660.
If I change my umask to 002, log out and log back in, then run the
date/time applet again, the permissions are set to 664.
Since /etc/localtime is a system file that everyone should read, it
seems wrong to use the user's umask to mask the permissions being set.
This problem may actually be in the component that supports the
querying of the root password from the user. When this is done, the
user's umask should not be used. Rather a "reasonable" umask should
always be used.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Ensure that .cshrc or similar init script set umask to 007.
2. Exit the current X11 session and log back in.
3. Run the Date/Time applet either from the toolbar or from the
"Systems Settings" submenu of the RedHat menu.
4. Change the allow computer to synchronize time using NTP and select
"OK" to initiate the check.
5. ls -l /etc/localtime (Notice that others have no read permission)
Actual Results: -rw-rw---- 1 root root 1267 Aug 13
Expected Results: -rw-r--r-- 1 root root 1267 Aug 13
This one is already fixed in system-config-date-184.108.40.206-1 on FC3. I
plan to backport the fix.
(Or from system-config-date-1.7.3-1 onwards FWIW)
Or from 1.7.1-1 as per bug #109803...
I've built a fixed package and put it up on
http://people.redhat.com/nphilipp/BETA/redhat-config-date/ until it is
available as an update.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.