Bug 495946 - Snippets editor ISEs when trying to save a new or existing snippet
Summary: Snippets editor ISEs when trying to save a new or existing snippet
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 530
Hardware: All
OS: Linux
urgent
high
Target Milestone: ---
Assignee: Partha Aji
QA Contact: Steve Salevan
URL:
Whiteboard:
Depends On:
Blocks: 457075
TreeView+ depends on / blocked
 
Reported: 2009-04-15 16:48 UTC by Mike McCune
Modified: 2009-09-10 19:25 UTC (History)
3 users (show)

Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-10 19:25:12 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Mike McCune 2009-04-15 16:48:21 UTC
* Login
* Systems
* Kickstarts
* Snippets
* create new snippet
* Try to save it:

2009-04-15 12:47:54,693 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.io.FileNotFoundException: /var/lib/cobbler/snippets/bloop (Permission denied)

Comment 1 Partha Aji 2009-04-20 21:40:30 UTC
This issue should now be resolved... as off.
http://git.fedorahosted.org/git/spacewalk.git?p=spacewalk.git;a=commit;h=b7f234e5fd5f425ceccf40bcd9a9f8948f3b5f64

Following changes were made..

1) A new spacewalk subdirectory was added to /var/lib/cobbler/snippets which will host all the spacewalk specific snippets..

2) /var/lib/cobbler/snippets/spacewalk/org.id will host snippets specfic to that org.

3) A user without root access to the actual box will be only able to update scripts

or snippets listed under /var/lib/cobbler/snippets/spacewalk/org.id

4) All other snippets under /var/lib/cobbler/snippets  other than snippets under /var/lib/cobbler/snippets/spacewalk will be Read Only  to config admins of all orgs... (readable through the UI that is...)

5) The snippets are only one level deep.  as in /var/lib/cobbler/snippets/spacewalk/org.id/snippet_name
One cannot now generate snippets that look like /var/lib/cobbler/snippets/spacewalk/org.id/my_dir/snippet_name

This was done to prevent issues like /var/lib/cobbler/snippets/spacewalk/org.id/../../../../tmp/xyz...
leaving security holes like that..

Comment 2 Partha Aji 2009-04-22 17:42:06 UTC
moving to On_QA

Comment 4 Partha Aji 2009-05-20 14:23:55 UTC
Moving to ON_QA

Comment 5 Steve Salevan 2009-06-01 16:04:20 UTC
Moving to VERIFIED, tested on 5/29 build.

Comment 6 John Matthews 2009-07-28 19:05:48 UTC
Moving to RELEASE_PENDING


Able to create a snippet and save it.
Added it to kickstart profile by putting it as a script and clicking "template"
Verified the snippet shows up in the kickstrt file

ISO: Satellite-5.3.0-RHEL4-re20090724.0-s390x.iso

Comment 7 Brandon Perkins 2009-09-10 19:25:12 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html


Note You need to log in before you can comment on or make changes to this bug.