Red Hat Bugzilla – Bug 495946
Snippets editor ISEs when trying to save a new or existing snippet
Last modified: 2009-09-10 15:25:12 EDT
* create new snippet
* Try to save it:
2009-04-15 12:47:54,693 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.io.FileNotFoundException: /var/lib/cobbler/snippets/bloop (Permission denied)
This issue should now be resolved... as off.
Following changes were made..
1) A new spacewalk subdirectory was added to /var/lib/cobbler/snippets which will host all the spacewalk specific snippets..
2) /var/lib/cobbler/snippets/spacewalk/org.id will host snippets specfic to that org.
3) A user without root access to the actual box will be only able to update scripts
or snippets listed under /var/lib/cobbler/snippets/spacewalk/org.id
4) All other snippets under /var/lib/cobbler/snippets other than snippets under /var/lib/cobbler/snippets/spacewalk will be Read Only to config admins of all orgs... (readable through the UI that is...)
5) The snippets are only one level deep. as in /var/lib/cobbler/snippets/spacewalk/org.id/snippet_name
One cannot now generate snippets that look like /var/lib/cobbler/snippets/spacewalk/org.id/my_dir/snippet_name
This was done to prevent issues like /var/lib/cobbler/snippets/spacewalk/org.id/../../../../tmp/xyz...
leaving security holes like that..
moving to On_QA
Moving to ON_QA
Moving to VERIFIED, tested on 5/29 build.
Moving to RELEASE_PENDING
Able to create a snippet and save it.
Added it to kickstart profile by putting it as a script and clicking "template"
Verified the snippet shows up in the kickstrt file
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.