When porting the package download from perl to java, tomcat will need to be able to read all of the pacakges, but sat-sync and rhnpush currently marks the packages as 640 with apache:root ownership. This needs to be changed to 644.
Any other viable options? - Make tomcat user in the apache group *and* then change sat-sync code to write stuff: 0640 apache:apache from 0640 apache:root Does 'root' need this access at group level to the files? Making the files globally readable by change: 0644 is less of a change to do, less risky in code, but does expose the entire /var/satellite/ contents to any normal user on that has ssh access, but is this a problem, most likely not. So, 0644 sounds fine, I think the risk exposure is minimal. Pretty sure this is a one liner to change: satellite_tools/syncLib.py: setPermsPath(self.full_path, user='apache', group='root', chmod=0640) *if* we make a change, we will need as part of upgrade process, a separate bug to track and if needed as part of upgrade change permissions. Cliff
fixed and upgrade process already handles this perms update.
Verified in spacewalk 0.2. Packages are being stored with 0644. (-rw-r--r--)
Remove bug 456562 blocks bug 484475.
Spacewalk is released for long time.