Bug 246681 - umask not honored in mkhomedir
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: oddjob
Version: 5.0
Hardware: All, OS: Linux
Priority: low, Severity: low
Assigned To: Nalin Dahyabhai
Reported: 2007-07-03 18:18 EDT by Jose Plans
Modified: 2013-04-12 15:13 EDT (History)
Fixed In Version: RHBA-2008-0021
Doc Type: Bug Fix
Last Closed: 2008-01-16 09:04:51 EST


Attachments
epipe_octals (1.41 KB, patch)
2007-07-03 18:18 EDT, Jose Plans
current proposed patch (2.52 KB, patch)
2007-12-07 13:43 EST, Nalin Dahyabhai

Description Jose Plans 2007-07-03 18:18:40 EDT
Description of problem:

pam_oddjob_mkhomedir does not honour umask while creating home directories.

The umask in the original code is processed with atoi(), which translates the
string into a base-10 integer; this makes the umask incorrect if it's led by 0.
Changing this to strtol() with base 8 makes it work as expected.

However, some checks were added: since strtol() in most cases returns 0 if
we pass non-integer values, we could then end up with a umask(0), which would
provide world-writable rights to every file created within that home directory.

Version-Release number of selected component (if applicable):
oddjob-0.27-1

How reproducible:
Always.

Steps to Reproduce:
1. Create a user testuser
2. echo testuser | /usr/lib/oddjob/mkhomedir -u 0077
3. ls -ld /home/testuser
  


Actual results:
% echo testuser | /usr/lib/oddjob/mkhomedir -u 0077
Creating home directory for testuser.
% ls -ld /home/testuser
drw-r----- 3 testuser testuser 4096 Jun 29 10:54 /home/testuser

Expected results:
% echo testuser | sudo ./mkhomedir -u 0077
Creating home directory for testuser.
% ls -ld /home/testuser
drwx------ 3 testuser testuser 4096 Jun 29 10:55 /home/testuser

Additional info:
With the additional code, since this can also provide data on the input stream, we
should close pipes before writing.

There were two cases where I think we should prevent EPIPE: one is --help, the
other one is when the -u umask is not an octal string, so we abort (with patch applied).

To reproduce:

With no patch:
  % echo test | /usr/lib/oddjob/mkhomedir --help
  That provides Broken Pipe
The patch adds another one (fixed):
  % echo test | /usr/lib/oddjob/mkhomedir -u not_an_octal_string

Let me know if you need more info.
Comment 1 Jose Plans 2007-07-03 18:18:41 EDT
Created attachment 158482
epipe_octals
Comment 2 Nalin Dahyabhai 2007-09-05 17:20:17 EDT
I think that ignoring SIGPIPE in oddjobd so that its calls to write() return
with an EPIPE error would be preferable.  The strtol() function already returns
an error if the data passed to it isn't a number of some kind, so calling it
directly should be fine.  Doing that for 0.29.
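
The parsing issue discussed above, as an added example that is not part of this thread and is not oddjob's code or either attached patch. The helper names are hypothetical, and the 0755 directory mode is an assumption inferred from the `ls -ld` output in the report.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: parse a umask given as an octal string. Returns 0 and
 * stores the mask on success, -1 on any invalid input, so a malformed string
 * can never silently turn into umask(0). */
int parse_umask(const char *s, mode_t *out)
{
    char *end;
    long v;

    /* strtol() skips leading whitespace and accepts a sign; allow neither. */
    if (s == NULL || *s < '0' || *s > '7')
        return -1;
    errno = 0;
    v = strtol(s, &end, 8);
    /* Reject overflow, "no digits consumed" and trailing junk such as "0778". */
    if (errno != 0 || end == s || *end != '\0')
        return -1;
    if (v < 0 || v > 0777)
        return -1;
    *out = (mode_t)v;
    return 0;
}

/* The behaviour the report describes: atoi() reads "0077" as decimal 77. */
mode_t parse_umask_atoi(const char *s)
{
    return (mode_t)atoi(s);
}

/* Permission bits a directory ends up with when created under `mask`. */
mode_t effective_mode(mode_t requested, mode_t mask)
{
    return requested & ~mask & 0777;
}

int main(void)
{
    mode_t m = 0;
    /* Assumed creation mode 0755, inferred from the report's output. */
    printf("atoi:   %04o\n", (unsigned)effective_mode(0755, parse_umask_atoi("0077")));
    if (parse_umask("0077", &m) == 0)
        printf("strtol: %04o\n", (unsigned)effective_mode(0755, m));
    printf("rejected: %d\n", parse_umask("not_an_octal_string", &m) == -1);
    return 0;
}
```

With these assumptions the atoi() path yields 0640 (`drw-r-----`) and the base-8 path yields 0700 (`drwx------`), matching the actual and expected results in the report.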
Comment 5 Nalin Dahyabhai 2007-12-07 13:43:31 EST
Created attachment 281471
current proposed patch
Comment 10 errata-xmlrpc 2008-01-16 09:04:51 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0021.html
