This bug was initially created as a copy of Bug #1803114
I am copying this bug because:
Description of problem:
Depending on the umask configuration of the target system, "sudo oscap"
may create the result files in temporary directory with 600 permissions,
which makes retrieving the log (as the regular user that ssh'ed to the
$ oscap-ssh --sudo user@system 22 xccdf eval ...
oscap exit code: 0
Copying back requested files...
scp: /tmp/tmp.0kfbPWEy6u/report.html: Permission denied
Failed to copy the HTML report back to local machine!
Version-Release number of selected component (if applicable):
All openscap packages, including Upstream
Steps to Reproduce:
1. Set a default umask in /etc/sudoers:
Defaults umask = 0077
2. Run oscap-ssh
$ oscap-ssh --sudo rmetrich@vm-rhel7 22 xccdf eval --rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated --profile xccdf_org.ssgproject.content_profile_pci-dss --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Failure to retrieve the result
Result being retrieved.
Issue applies Upstream. See PR https://github.com/OpenSCAP/openscap/pull/1481
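The condition in the report above, as an added example (not oscap-ssh code and not the change made in the upstream pull request): it reproduces locally the mode a report file receives under a restrictive umask, and shows one way to hand the results to the copying user without opening them to everyone on the shared /tmp. The function names mode_under_umask and hand_off are hypothetical, and "sudo" as the privilege prefix is an assumption.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from oscap-ssh.

# Print the permission string of a report file created under umask $1,
# e.g. the 0077 that "Defaults umask = 0077" applies to commands run via sudo.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/report.html" )   # subshell: caller's umask untouched
    ls -ld "$dir/report.html" | cut -c1-10
    rm -rf "$dir"
}

# Give the result directory $1 to user $2, who will scp the files back.
# Remaining arguments are the privilege prefix (assumed "sudo" on a real host).
# Ownership moves to the copying user; group and others get no access,
# so the report stays private even though it lives under /tmp.
hand_off() {
    dir=$1; user=$2; shift 2
    "$@" chown -R "$user" "$dir" && "$@" chmod -R u+rwX,go-rwx "$dir"
}

# Demonstration: the same file creation under two umask values.
echo "umask 0022 -> $(mode_under_umask 0022)"
echo "umask 0077 -> $(mode_under_umask 0077)"
```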
Fixed upstream in https://github.com/OpenSCAP/openscap/pull/1485/files
Thanks Matus. I checked the doc text and now it looks good to me.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (openscap bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.