Description of problem: When you log in the satellite webui as a satellite admin and run cobbler sync, the permissions of files inside /tftpboot/pxelinux.cfg/* get world writible persmissions. This is caused by cobblerd, which wrongly sets its umask to 0 causing it to create files with 0666 permissions. Version-Release number of selected component (if applicable): cobbler-1.6.6-3.el5sat How reproducible: always Steps to Reproduce: 1. log in webui as a satellite admin 2. go to Admin -> RHN Satellite Configuration -> Cobbler 3. push the "Update" button to run cobbler sync Actual results: Sets wrong permissions inside /tftpboot/pxelinux.cfg/ # ls -l /tftpboot/pxelinux.cfg/ total 24 -rw-rw-rw- 1 root root 314 Jan 11 19:10 xx-xx-xx-xx-xx-xx-xx -rw-rw-rw- 1 root root 8997 Jan 11 19:10 default # Expected results: # ls -l /tftpboot/pxelinux.cfg/ total 24 -rw-r--r-- 1 root root 314 Jan 11 19:10 xx-xx-xx-xx-xx-xx-xx -rw-r--r-- 1 root root 8997 Jan 11 19:10 default # Additional info: A patch which fixes the bug has been attached.
Created attachment 383127 [details] a patch which fixes the bug
submitted patch upstream and committed in 3rd party git in commit: 2e9a1091d18d507864cfe108a31bf8824b3d0390
Changing to verified: Testing procedure: 1) Reproduced bug with old set of packages: *-0.5.28-49 # ls -l /tftpboot/pxelinux.cfg/ -rw-rw-rw- 1 root root 211 Apr 2 03:50 default 2) Verifying with new set of packages: *-0.5.28-40.x.2 [root@rlx-0-14 2010:9477]# ls -l /tftpboot/pxelinux.cfg/ -rw-r--r-- 1 root root 211 Apr 2 04:23 default Note: Content of /tftpboot/images and /tftpboot/s390x was also created with 0666 permissions. New set of packeges fixes this as well. Verified against: (on rhel-i386-server-5-u4 and rhel-s390x-as-4-u8) *-0.5.28-40.x.2
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0369.html