250118 – dnszone.schema bad file permissions

Bug 250118 - dnszone.schema bad file permissions

Summary: dnszone.schema bad file permissions

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	bind
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Adam Tkac
QA Contact:
Docs Contact:
URL:	http://bugs.centos.org/view.php?id=2240
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-30 15:26 UTC by Johnny Hughes
Modified:	2013-04-30 23:36 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHSA-2008-0300
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-21 14:17:34 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0300	0	normal	SHIPPED_LIVE	Moderate: bind security, bug fix, and enhancement update	2008-05-21 14:17:18 UTC

Description Johnny Hughes 2007-07-30 15:26:21 UTC

Description of problem: The file /etc/openldap/schema/dnszone.schema provided by
bind-sdb-9.3.3-9.0.1.el5 has the wrong file permissions ... causing openldap to
not start.

File is currently:
-rw-r----- 1 root named  

Needs to be 644 not 640 (or owner/group needs to be openldap).

This is also #2240 in the CentOS Bug Tracker:
http://bugs.centos.org/view.php?id=2240

Comment 1 Adam Tkac 2007-07-31 13:44:47 UTC

Best should be change perms to root:root 644 (like other schemas). Will be fixed
in 5.2

Adam

Comment 2 RHEL Program Management 2007-10-16 03:52:11 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Zenon Panoussis 2007-12-04 16:27:04 UTC

Please raise the severity and the priority of this; it is very serious. For my
part I just lost two remote servers because of it. The bind update of 5.1 set
the permissions of the schema file wrong. Seconds later, the ldap update caused
ldap to restart and fail. Since I'm using ldap authentication for all accounts
except root, ldap down means mail down and no login of any kind for users. Add
now a 'permitrootlogin no' in sshd_config and the bliss is complete: two
machines in a data centre in another country and I have to get someone there
with a keyboard to go recover them.

Comment 6 Adam Tkac 2007-12-05 12:42:54 UTC

(In reply to comment #5)
> Please raise the severity and the priority of this; it is very serious. For my
> part I just lost two remote servers because of it. The bind update of 5.1 set
> the permissions of the schema file wrong. Seconds later, the ldap update caused
> ldap to restart and fail. Since I'm using ldap authentication for all accounts
> except root, ldap down means mail down and no login of any kind for users. Add
> now a 'permitrootlogin no' in sshd_config and the bliss is complete: two
> machines in a data centre in another country and I have to get someone there
> with a keyboard to go recover them. 

Severity and priority is only informational. Fix is already commited into CVS
and update is scheduled to 5.2

Adam

Comment 10 errata-xmlrpc 2008-05-21 14:17:34 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0300.html

Note You need to log in before you can comment on or make changes to this bug.