Bug 484720

While we're at it, that /bin/rm /etc/cron.d/notification, should go as well.

The proposed change is to remove the INSTALL_RHN section and merge whatever needs to be there to CONFIG_RHN. The proposed sudoers.rhn is below. I've tested that with this, the Satellite/Spacewalk works and runs external commands fine.

## RHN specifics ##
Cmnd_Alias CONFIG_RHN = /usr/sbin/rhn-sat-restart-silent,\
                        /usr/bin/rhn-config-satellite.pl,\
                        /usr/bin/rhn-satellite-activate,\
                        /usr/bin/rhn-bootstrap,\
                        /usr/bin/rhn-ssl-tool,\
                        /usr/bin/rhn-ssl-dbstore,\
                        /usr/bin/rhn-load-ssl-cert.pl,\
                        /etc/rc.d/np.d/step Monitoring install,\
                        /etc/rc.d/np.d/step MonitoringScout install,\
                        /etc/rc.d/np.d/step Monitoring uninstall,\
                        /etc/rc.d/np.d/step MonitoringScout uninstall,\
                        /sbin/service Monitoring restart,\
                        /sbin/service MonitoringScout restart,\
                        /sbin/service taskomatic restart

# The CONFIG_RHN commands are required for reconfiguration of a
# running RHN Satellite.  They should be enabled for proper operation
# of the RHN Satellite.
apache  ALL=(root)      NOPASSWD: CONFIG_RHN
tomcat  ALL=(root)      NOPASSWD: CONFIG_RHN

# These two directives allow tomcat and apache to invoke CONFIG_RHN
# commands via sudo even without a real tty
Defaults:tomcat !requiretty
Defaults:apache !requiretty

Need to make sure it is not a shadow file, where we own the file within rpm but do not put it onto disk. 

Also - how about within WebUI when you enable and disable both monitoring scout and monitoring backend - I assume the file should be removed / added as needed when monitoring is enabled/disabled as a whole on a Satellite. 

Cliff.

NPalert.spec does:

in %install

# Install the cron stuff
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/
install -p -m 644 cron/notification        $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/notification

in %files

%defattr(-,root,root,-)
%{_sysconfdir}/logrotate.d/%{name}
%{_sysconfdir}/cron.d/notification

So the file looks real.

Furthermore, I've grepped the whole Spacewalk source code for /usr/bin/sudo and that cp and rm are nowhere found via sudo in our code anymore.

So I assume it's safe to remove.

The cron file has

*/15 * * * * nocpulse  if [ -e /etc/NOCpulse.ini ] ; then /usr/bin/monitor-queue ALERTS 50 100 2>&1 > /dev/null; fi

in it so it seems that the existence of /etc/NOCpulse.ini rather than existence  of /etc/cron.d/notification triggers the action.

Commited as:
951581be2cda4dad7b4bcf5bf99ee8ea0cbc801d

Mass moving ON_QA

[root@grandprix ~]# cat /etc/sudoers  | grep -i ln
[root@grandprix ~]# 

[root@grandprix cron.d]# cat notification 
# Check system load
*/15 * * * * nocpulse  if [ -e /etc/NOCpulse.ini ] ; then /usr/bin/monitor-queue ALERTS 50 100 2>&1 > /dev/null; fi
[root@grandprix cron.d]# 


[root@grandprix cron.d]# cat /etc/sudoers  | grep -i rm
## Delegating permissions
[root@grandprix cron.d]# cat /etc/sudoers  | grep -i notification
[root@grandprix cron.d]# 


verified..

Verified in stage with the same results as stated in the comment
above -> RELEASE_PENDING.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html