When porting the package download from perl to java, tomcat will need to be able
to read all of the pacakges, but sat-sync and rhnpush currently marks the
packages as 640 with apache:root ownership.
This needs to be changed to 644.
Any other viable options?
- Make tomcat user in the apache group *and* then change sat-sync code to write
Does 'root' need this access at group level to the files?
Making the files globally readable by change:
is less of a change to do, less risky in code, but does expose the entire
/var/satellite/ contents to any normal user on that has ssh access, but is this
a problem, most likely not.
So, 0644 sounds fine, I think the risk exposure is minimal.
Pretty sure this is a one liner to change:
satellite_tools/syncLib.py: setPermsPath(self.full_path, user='apache',
*if* we make a change, we will need as part of upgrade process, a separate bug
to track and if needed as part of upgrade change permissions.
fixed and upgrade process already handles this perms update.
Verified in spacewalk 0.2. Packages are being stored with 0644. (-rw-r--r--)
Remove bug 456562 blocks bug 484475.
Spacewalk is released for long time.