Bug 495946 – Snippets editor ISEs when trying to save a new or existing snippet

Bug 495946 - Snippets editor ISEs when trying to save a new or existing snippet

Summary:	Snippets editor ISEs when trying to save a new or existing snippet

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	WebUI (Show other bugs)
Sub Component:
Version:	530
Hardware:	All Linux

Priority	urgent Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Partha Aji
QA Contact:	Steve Salevan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	457075
	Show dependency tree / graph

Reported:	2009-04-15 12:48 EDT by Mike McCune
Modified:	2009-09-10 15:25 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	sat530
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2009-09-10 15:25:12 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Mike McCune 2009-04-15 12:48:21 EDT

* Login
* Systems
* Kickstarts
* Snippets
* create new snippet
* Try to save it:

2009-04-15 12:47:54,693 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.io.FileNotFoundException: /var/lib/cobbler/snippets/bloop (Permission denied)

Comment 1 Partha Aji 2009-04-20 17:40:30 EDT

This issue should now be resolved... as off.
http://git.fedorahosted.org/git/spacewalk.git?p=spacewalk.git;a=commit;h=b7f234e5fd5f425ceccf40bcd9a9f8948f3b5f64

Following changes were made..

1) A new spacewalk subdirectory was added to /var/lib/cobbler/snippets which will host all the spacewalk specific snippets..

2) /var/lib/cobbler/snippets/spacewalk/org.id will host snippets specfic to that org.

3) A user without root access to the actual box will be only able to update scripts

or snippets listed under /var/lib/cobbler/snippets/spacewalk/org.id

4) All other snippets under /var/lib/cobbler/snippets  other than snippets under /var/lib/cobbler/snippets/spacewalk will be Read Only  to config admins of all orgs... (readable through the UI that is...)

5) The snippets are only one level deep.  as in /var/lib/cobbler/snippets/spacewalk/org.id/snippet_name
One cannot now generate snippets that look like /var/lib/cobbler/snippets/spacewalk/org.id/my_dir/snippet_name

This was done to prevent issues like /var/lib/cobbler/snippets/spacewalk/org.id/../../../../tmp/xyz...
leaving security holes like that..

Comment 2 Partha Aji 2009-04-22 13:42:06 EDT

moving to On_QA

Comment 4 Partha Aji 2009-05-20 10:23:55 EDT

Moving to ON_QA

Comment 5 Steve Salevan 2009-06-01 12:04:20 EDT

Moving to VERIFIED, tested on 5/29 build.

Comment 6 John Matthews 2009-07-28 15:05:48 EDT

Moving to RELEASE_PENDING


Able to create a snippet and save it.
Added it to kickstart profile by putting it as a script and clicking "template"
Verified the snippet shows up in the kickstrt file

ISO: Satellite-5.3.0-RHEL4-re20090724.0-s390x.iso

Comment 7 Brandon Perkins 2009-09-10 15:25:12 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html

Note You need to log in before you can comment on or make changes to this bug.