Cloning for Satellite as there has been a related customer issue reported. +++ This bug was initially created as a clone of Bug #456562 +++ When porting the package download from perl to java, tomcat will need to be able to read all of the pacakges, but sat-sync and rhnpush currently marks the packages as 640 with apache:root ownership. This needs to be changed to 644. --- Additional comment from cperry on 2008-08-01 14:46:21 EDT --- Any other viable options? - Make tomcat user in the apache group *and* then change sat-sync code to write stuff: 0640 apache:apache from 0640 apache:root Does 'root' need this access at group level to the files? Making the files globally readable by change: 0644 is less of a change to do, less risky in code, but does expose the entire /var/satellite/ contents to any normal user on that has ssh access, but is this a problem, most likely not. So, 0644 sounds fine, I think the risk exposure is minimal. Pretty sure this is a one liner to change: satellite_tools/syncLib.py: setPermsPath(self.full_path, user='apache', group='root', chmod=0640) *if* we make a change, we will need as part of upgrade process, a separate bug to track and if needed as part of upgrade change permissions. Cliff --- Additional comment from pkilambi on 2008-08-01 15:12:37 EDT --- fixed and upgrade process already handles this perms update. --- Additional comment from dgoodwin on 2008-09-05 11:44:28 EDT --- Verified in spacewalk 0.2. Packages are being stored with 0644. (-rw-r--r--)
repsonding to comment #3 Prad, They're basically asking for apache/apache 664 because they have scripts that run as non-apache user and they want to write as apache group. Is that possible?
GS would like 664, as in group read/write
Closing this as per today's meeting. Goldman would have liked to see this changed. Internal Status set to 'Resolved' Status set to: Closed by Tech Resolution set to: 'Rejected' This event sent from IssueTracker by jleddy issue 218040