1572277 – [RFE] Avoid using sudo when using katello-backup

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1572277 - [RFE] Avoid using sudo when using katello-backup

Summary: [RFE] Avoid using sudo when using katello-backup

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Backup & Restore
Sub Component:
Version:	6.2.14
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	Unspecified
Assignee:	Brad Buckingham
QA Contact:	Lucie Vrtelova
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-26 15:10 UTC by Kenny Tordeurs
Modified:	2021-12-10 16:21 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-07-02 12:06:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SAT-6983	0	None	None	None	2021-12-10 16:21:00 UTC
Red Hat Knowledge Base (Solution)	3648101	0	None	None	None	2018-10-11 12:04:59 UTC

Description Kenny Tordeurs 2018-04-26 15:10:17 UTC

Description of problem:
In some companies that sudo rule is forbidden.

/usr/bin/katello-backup
~~~
...
def validate_directory
  unless system("sudo -u postgres test -w #{@dir}")
    puts "****cancelled****"
    puts "Postgres user needs write access to the backup directory"
    puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
    cleanup
  end
end
...
~~~

Version-Release number of selected component (if applicable):


Would also resolve the issue for:
https://bugzilla.redhat.com/show_bug.cgi?id=1540382

Proposed patch:
~~~
# gendiff /usr/bin/ .bkp
diff -up /usr/bin/katello-backup.bkp /usr/bin/katello-backup
--- /usr/bin/katello-backup.bkp	2018-04-26 15:25:34.514218862 +0100
+++ /usr/bin/katello-backup	2018-04-26 15:27:36.528155663 +0100
@@ -286,7 +286,7 @@ def backup_config_files
 end
 
 def validate_directory
-  unless system("sudo -u postgres test -w #{@dir}")
+  unless system("su - postgres -c 'test -w #{@dir}'")
     puts "****cancelled****"
     puts "Postgres user needs write access to the backup directory"
     puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
~~~

Comment 1 Kenny Tordeurs 2018-06-18 07:52:52 UTC

This issue is also present in Satellite 6.3

# satellite-backup --skip-pulp-content /home/backup/katello-backup-20181506
Starting backup: 2018-06-15 10:33:00 +0200
Creating backup folder /home/backup/katello-backup-20181506/satellite-backup-20180615103300
Sorry, user root is not allowed to execute '/bin/test -w /home/backup/katello-backup-20181506/satellite-backup-20180615103300' as postgres on satellite.example.com.
****cancelled**** 

=> Can be resolved with changes from comment 1

Comment 7 Kenny Tordeurs 2019-07-02 12:06:24 UTC

IMPORTANT: satellite-backup has been removed in favor of 'foreman-maintain backup'

I guess we can close this one as CURRENTRELEASE

https://github.com/theforeman/foreman_maintain/blob/master/definitions/checks/backup/directory_ready.rb#L14


~~~
module Checks::Backup
  class DirectoryReady < ForemanMaintain::Check
    metadata do
      description 'Check if the directory exists and is writable'
      tags :backup
      manual_detection
      param :backup_dir, 'Directory where to backup to', :required => true
      param :preserve_dir, 'Directory where to backup to', :flag => true, :default => false
    end

    def run
      assert(File.directory?(@backup_dir), "Backup directory (#{@backup_dir}) does not exist.")
      if feature(:instance).postgresql_local?
        result = system("runuser - postgres -c 'test -w #{@backup_dir}'")
        assert(result, "Postgres user needs write access to the backup directory \n" \
          "Please allow the postgres user write access to #{@backup_dir}" \
          ' or choose another directory.')
      end
    end
  end
end

~~~

Note You need to log in before you can comment on or make changes to this bug.