Bug 1491407 - Arbitrary files are changing file permissions
Summary: Arbitrary files are changing file permissions
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Repositories
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
low vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-13 17:19 UTC by Renzo Nuccitelli
Modified: 2017-09-28 13:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-28 13:23:49 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Renzo Nuccitelli 2017-09-13 17:19:23 UTC
Description of problem:

This is related to a test case on the named feature "Support for Arbitrary Files within Content Views"


Version-Release number of selected component (if applicable):

6.3 snap 15


How reproducible:

Always


Steps to Reproduce:
1. Create any file and change its permissions: chmod 777 your_file
2. Run ll your_file and check -rwxrwxrwx for its perms
3. Open Satellite and create a new Product
4. Create a new Repository of type "file" within created Product
5. Leave empty fields URL, Upstream Username and Upstream Password
6. Uncheck Verify SSL box
7. Submit
8. Click on create repo
9. Click on browse and upload your_file
10. Browse repo link (search for Published at link)
11. Find link related to your_file and download it
12. Run ll your_file and check permissions

Actual results:
File lost permissions after upload. 
It had
-rwxrwxrwx

and now it has:

-rw-rw-r--

Expected results:

It should keep original permissions accordingly to test case. 
Additional info:

Maybe it changed file permission for security reasons and this is a feature, not a but. But once dev approved the test case I preferred opening this issue for discussion.

Comment 2 Brad Buckingham 2017-09-20 21:03:35 UTC
Hi Michael,

I suspect that the behavior described is working as designed; however, I wanted to confirm that with you.

What are your thoughts and feedback?

Comment 3 Michael Hrivnak 2017-09-28 12:48:56 UTC
HTTP does not have a way to communicate posix file permissions. If you download a file over HTTP, any permissions it has on the source machine are irrelevant. The new permissions at the destination will be whatever your HTTP client thinks are reasonable.

Comment 4 Brad Buckingham 2017-09-28 13:23:49 UTC
Based on comment 3, I am going to close this bug.  If there are concerns, please let us know.


Note You need to log in before you can comment on or make changes to this bug.