Bug 354381 - server key file has wrong permissions, passphrase file gets overwritten
server key file has wrong permissions, passphrase file gets overwritten
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: monotone (Show other bugs)
7
All Linux
low Severity high
: ---
: ---
Assigned To: Roland McGrath
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-26 12:18 EDT by Thomas Moschny
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 0.37-3.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-01 17:13:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Thomas Moschny 2007-10-26 12:18:37 EDT
Description of problem:

First, more severe problem: Running 'service monotone genkey' generates a new 
key in /etc/monotone/private-keys/HOSTNAME, with permissions '0600', and 
ownership 'root:monotone'. The monotone server process runs as 
user 'monotone', thus it cannot read that file, and will refuse to start. 
Permissions should be changed to '0640' after generation by the init script.

Second, minor problem: If HOSTNAME changes for some reason, and 'service 
monotone genkey' is run a second time (maybe by mistake), a new key file will 
be generated (no problem), but /etc/monotone/passphrase.lua will silently be 
overwritten, so the old server key is essentially lost. Easiest solution would 
be to make the init script refuse to generate a second key if passphrase.lua 
is already present.

Version-Release number of selected component (if applicable):
monotone-server-0.35-3.fc7
Comment 1 Fedora Update System 2007-11-01 17:13:53 EDT
monotone-0.37-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 2 Fedora Update System 2007-11-06 11:03:39 EST
monotone-0.37-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.