Bug 1572277 - [RFE] Avoid using sudo when using katello-backup
Summary: [RFE] Avoid using sudo when using katello-backup
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Backup & Restore
Version: 6.2.14
Hardware: x86_64
OS: Linux
low
low vote
Target Milestone: Unspecified
Assignee: Brad Buckingham
QA Contact: Lucie Vrtelova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-26 15:10 UTC by Kenny Tordeurs
Modified: 2019-08-12 15:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-02 12:06:24 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3648101 0 None None None 2018-10-11 12:04:59 UTC

Description Kenny Tordeurs 2018-04-26 15:10:17 UTC 
Description of problem:
In some companies that sudo rule is forbidden.

/usr/bin/katello-backup
~~~
...
def validate_directory
  unless system("sudo -u postgres test -w #{@dir}")
    puts "****cancelled****"
    puts "Postgres user needs write access to the backup directory"
    puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
    cleanup
  end
end
...
~~~

Version-Release number of selected component (if applicable):


Would also resolve the issue for:
https://bugzilla.redhat.com/show_bug.cgi?id=1540382

Proposed patch:
~~~
# gendiff /usr/bin/ .bkp
diff -up /usr/bin/katello-backup.bkp /usr/bin/katello-backup
--- /usr/bin/katello-backup.bkp	2018-04-26 15:25:34.514218862 +0100
+++ /usr/bin/katello-backup	2018-04-26 15:27:36.528155663 +0100
@@ -286,7 +286,7 @@ def backup_config_files
 end
 
 def validate_directory
-  unless system("sudo -u postgres test -w #{@dir}")
+  unless system("su - postgres -c 'test -w #{@dir}'")
     puts "****cancelled****"
     puts "Postgres user needs write access to the backup directory"
     puts "Please select a directory, such as /tmp or /var/tmp which allows Postgres write access"
~~~
Comment 1 Kenny Tordeurs 2018-06-18 07:52:52 UTC 
This issue is also present in Satellite 6.3

# satellite-backup --skip-pulp-content /home/backup/katello-backup-20181506
Starting backup: 2018-06-15 10:33:00 +0200
Creating backup folder /home/backup/katello-backup-20181506/satellite-backup-20180615103300
Sorry, user root is not allowed to execute '/bin/test -w /home/backup/katello-backup-20181506/satellite-backup-20180615103300' as postgres on satellite.example.com.
****cancelled**** 

=> Can be resolved with changes from comment 1
Comment 7 Kenny Tordeurs 2019-07-02 12:06:24 UTC 
IMPORTANT: satellite-backup has been removed in favor of 'foreman-maintain backup'

I guess we can close this one as CURRENTRELEASE

https://github.com/theforeman/foreman_maintain/blob/master/definitions/checks/backup/directory_ready.rb#L14


~~~
module Checks::Backup
  class DirectoryReady < ForemanMaintain::Check
    metadata do
      description 'Check if the directory exists and is writable'
      tags :backup
      manual_detection
      param :backup_dir, 'Directory where to backup to', :required => true
      param :preserve_dir, 'Directory where to backup to', :flag => true, :default => false
    end

    def run
      assert(File.directory?(@backup_dir), "Backup directory (#{@backup_dir}) does not exist.")
      if feature(:instance).postgresql_local?
        result = system("runuser - postgres -c 'test -w #{@backup_dir}'")
        assert(result, "Postgres user needs write access to the backup directory \n" \
          "Please allow the postgres user write access to #{@backup_dir}" \
          ' or choose another directory.')
      end
    end
  end
end

~~~
Note You need to log in before you can comment on or make changes to this bug.