Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1506910

Summary: File Permission set to 666 or 777(world writable files) on the yum cache files, these are reverted even after changing [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: rhnsdAssignee: Tomáš Kašpárek <tkasparek>
Status: CLOSED ERRATA QA Contact: Pavel Studeník <pstudeni>
Severity: high Docs Contact:
Priority: high    
Version: 7.4CC: galtukho, gpayelka, jhutar, john.e.langbein.ctr, mmatsuya, pstudeni, rvdwees, srandhaw, tkasparek, tlestach, vanhoof, xdmoon
Target Milestone: rcKeywords: Regression, Reopened, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: rhnsd-5.0.13-7.3-el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1489989 Environment:
Last Closed: 2017-11-30 16:05:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1489989    
Bug Blocks:    

Description Oneata Mircea Teodor 2017-10-27 07:09:31 UTC 
This bug has been copied from bug #1489989 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 3 Tomáš Kašpárek 2017-10-30 06:46:11 UTC 

*** This bug has been marked as a duplicate of bug 1480306 ***
Comment 4 Tomáš Kašpárek 2017-10-30 06:58:15 UTC 

*** This bug has been marked as a duplicate of bug 1489119 ***
Comment 5 Ron van der Wees 2017-10-31 08:56:38 UTC 
(In reply to Tomáš Kašpárek from comment #3)
> 
> *** This bug has been marked as a duplicate of bug 1480306 ***

Reopening as I do *not* think this is a duplicate.
 
bz 1480306 and its z-stream bz 1489119 contains a fix to change the
permissions of the rhnsd.pid file but the process is still running with umask
set to 0.

This causes the sub processes to run with that same umask and thus the
rhn_check.pid but also the yum cache files are still world writeable!

From the latest available version:

# rpm -q rhnsd
rhnsd-5.0.13-7.1.el7_4.x86_64

# ls -la /run/rhn_check.pid 
-rwxrwxrwx. 1 root root 5 Oct 31 09:00 /run/rhn_check.pid
 ^^^^^^^^^                                  ^^^^^^^^^^^^^


# find /var/cache/yum -ls | grep "rw-rw-rw-"
4194886    4 -rw-rw-rw-   1 root     root          153 Oct 26 11:18 /var/cache/yum/x86_64/7Server/rhnplugin.repos
13350241 168916 -rw-rw-rw-   1 root     root     172966464 Oct 20 11:08 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/gen/primary.xml
8451468    4 -rw-rw-rw-   1 root     root           15 Oct 26 11:18 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/rhnversion
8451489    4 -rw-rw-rw-   1 root     root         1545 Oct 20 11:08 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/repomd.xml
8451498    0 -rw-rw-rw-   1 root     root            0 Oct 26 11:18 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/cachecookie
8451499  620 -rw-rw-rw-   1 root     root       634462 Oct 26 11:18 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/comps.xml
8451500 2156 -rw-rw-rw-   1 root     root      2203757 Oct 20 11:08 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/updateinfo.xml.gz
             ^^^^^^^^^^
...
Comment 8 Pavel Studeník 2017-11-08 14:19:44 UTC 
Verified with rhnsd-5.0.13-7.3.el7_4.x86_64.rpm

Reproducer:

>> ls -la /run/rhn_check.pid 
-rwxr-xr-x. 1 root root 5  8. lis 06.09 /run/rhn_check.pid


rhnsd-5.0.13-7.1.el7_4.x86_64

1. only rhnsd has to run (no osad, rhn_check)
2. remove yum cache:
 >> rm -rf /var/cache/yum/x86_64/
3. create event for install or update package by webui
4. wait for rhnsd pick up task

All files repomd.xml have set "-rw-rw-rw-" file mode.
Comment 11 errata-xmlrpc 2017-11-30 16:05:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3323
Comment 12 John Langbein 2018-07-17 17:48:10 UTC 
This issue still exists in RHEL6 with rhnsd.x86_64 5.0.25-1.el6. Please fix
Comment 13 Tomas Lestach 2018-07-18 11:45:09 UTC 
(In reply to John Langbein from comment #12)
> This issue still exists in RHEL6 with rhnsd.x86_64 5.0.25-1.el6. Please fix

Please open a ticket with Red Hat Support to open a RHEL6 BZ, if you see any issues. Based on my info this problem was never introduced in RHEL6 and the last released rhnsd version in RHEL6 is: rhnsd-4.9.3-6.el6
Comment 14 Tomáš Kašpárek 2018-07-18 11:48:44 UTC 
(In reply to John Langbein from comment #12)
> This issue still exists in RHEL6 with rhnsd.x86_64 5.0.25-1.el6. Please fix

Judging by the rhnsd version you're using Spacewalk, this is Red Hat Satellite bugzilla so this bugzilla is not the best place to ask for Spacewalk fix ;-)

For Spacewalk this issue was fixed in rhnsd-5.0.32-1