Bug 1334400 - installer does not check&fix wrong permissions on /etc/pki/pulp/rsa.key
Summary: installer does not check&fix wrong permissions on /etc/pki/pulp/rsa.key
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.1.8
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Katello QA List
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-09 13:58 UTC by Pavel Moravec
Modified: 2019-10-10 12:04 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:44:36 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 16941 0 None None None 2016-10-14 13:52:06 UTC

Description Pavel Moravec 2016-05-09 13:58:54 UTC
Description of problem:
User story: After manually fixing some SSL certificate files, and leaving /etc/pki/pulp/rsa.key owned by root:root, katello-installer was run to fix potential file permissions and ownership discrepancies. But this file was still owned by root:root while it must be owned by root:apache (otherwise half of pulp requests fail on file access error).

Please update installer such that it sets properly file ownership of /etc/pki/pulp/rsa.key .


Version-Release number of selected component (if applicable):
katello-installer-2.3.25-1.el7sat.noarch
pulp-server-2.6.0.20-1.el7sat.noarch


How reproducible:
100%


Steps to Reproduce:
1. Have installed Sat6
2. chown root:root /etc/pki/pulp/rsa.key
3. katello-installer
4. ll /etc/pki/pulp/rsa.key


Actual results:
Step 4. shows:

-rw-r-----. 1 root root 1679 May  7 15:40 /etc/pki/pulp/rsa.key


Expected results:
Step 4. to show:

-rw-r-----. 1 root apache 1679 May  7 15:40 /etc/pki/pulp/rsa.key


Additional info:
Not sure what other files can be affected by the same bug.

Comment 2 Stephen Benjamin 2016-10-14 13:52:04 UTC
Created redmine issue http://projects.theforeman.org/issues/16941 from this bug

Comment 3 Zach Huntington-Meath 2017-08-09 15:46:35 UTC
Verified on the most recent Satellite 6.3.0-10 snap.

My verification steps were:

1. chown root:root /etc/pki/pulp/rsa.key
2. satellite-installer
3. ll /etc/pki/pulp/rsa.key

and the permissions were:

-rw-r----- 1 root apache 1675 Aug  9 13:15 /etc/pki/pulp/rsa.key

Comment 4 pm-sat@redhat.com 2018-02-21 16:44:36 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.