Bug 426430 - oddjob should follow useradd policy in file permissions
oddjob should follow useradd policy in file permissions
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: oddjob (Show other bugs)
5.2
All Linux
low Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-20 18:21 EST by Michal Nowak
Modified: 2013-03-07 21:03 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-22 07:13:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Nowak 2007-12-20 18:21:27 EST
Description of problem:

The permissions results of files in ~user produced by oddjob (having
UMASK=0000) and by useradd (having UMASK=000) are different

.qa.[root@x86-64-5-1client tps]# useradd -K UMASK=000 -m -g tulpas tulpas

.qa.[root@x86-64-5-1client tps]# ls -la /home/tulpas/
total 64
drwxrwxrwx 3 tulpas tulpas 4096 Dec 18 03:48 .
drwxr-xr-x 6 root   root   4096 Dec 18 03:48 ..
-rw-r--r-- 1 tulpas tulpas   24 Dec 18 03:48 .bash_logout
-rw-r--r-- 1 tulpas tulpas  176 Dec 18 03:48 .bash_profile
-rw-r--r-- 1 tulpas tulpas  124 Dec 18 03:48 .bashrc
-rw-r--rw- 1 tulpas tulpas  515 Dec 18 03:48 .emacs
drwxr-xr-x 3 tulpas tulpas 4096 Dec 18 03:48 .kde
-rw-r--r-- 1 tulpas tulpas  658 Dec 18 03:48 .zshrc

.qa.[root@x86-64-5-1client tps]# oddjob_request mkhomedirfor tulpasek
Creating home directory for tulpasek.

.qa.[root@x86-64-5-1client tps]# ll -la /home/tulpasek/
total 64
drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .
drwxr-xr-x 6 root     root     4096 Dec 18 03:27 ..
-rw-r--r-- 1 tulpasek tulpasek   24 Dec 18 03:27 .bash_logout
-rw-r--r-- 1 tulpasek tulpasek  176 Dec 18 03:27 .bash_profile
-rw-r--r-- 1 tulpasek tulpasek  124 Dec 18 03:27 .bashrc
-rw-r--rw- 1 tulpasek tulpasek  515 Dec 18 03:27 .emacs
drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .kde
-rw-r--r-- 1 tulpasek tulpasek  658 Dec 18 03:27 .zshrc


Notes:
 * .emacs is having the same permissions as in /etc/skel
 * see: 

useradd:  drwxrwxrwx 3 tulpas   tulpas   4096 Dec 18 03:48 .
oddjob:   drwxr-xr-x 3 tulpasek tulpasek 4096 Dec 18 03:27 .


Result:
From my POV useradd does what I want (chmod 0777 on my ~). oddjob does not, the
intended behavior is of course on you. 

Version-Release number of selected component (if applicable):

oddjob-0.27-9.el5.i386

How reproducible:
allways

Steps to Reproduce:
1.
2.
3.
  
Actual results:

Maximal permission is set according to permissions of the original file.

Expected results:

oddjob should follow same policy as useradd in case of permissions of created files.


Additional info:

"oddjob should user give user the rope even if he might hang himself. "
Comment 1 Nalin Dahyabhai 2007-12-21 10:51:03 EST
I'd lean against this but I'm willing to be convinced.

Question: how is a hard-coded initial mode of 0777 (what useradd does) a better
choice than using the mode of /etc/skel (which is what oddjob currently does)? 
The only thing I can come up with is that marking a directory in /etc
world-writable is a terrible idea, but I'm having a hard time thinking that
doing the same for a home directory isn't....

CCing the shadow-utils package maintainer to get his opinion.
Comment 2 Michal Nowak 2008-07-22 07:13:25 EDT
Let's close this one, don't have anything to add.

Note You need to log in before you can comment on or make changes to this bug.