638773 – permissions too loose on pid and lock files

Bug 638773 - permissions too loose on pid and lock files

Summary: permissions too loose on pid and lock files

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:
Version:	1.2.6
Hardware:	All
OS:	All
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	639035
TreeView+	depends on / blocked

Reported:	2010-09-29 21:26 UTC by Ulf Weltman
Modified:	2015-12-07 17:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-12-07 17:02:06 UTC
Embargoed:

Attachments	(Terms of Use)
patch proposal (2.40 KB, patch) 2010-09-29 21:26 UTC, Ulf Weltman	nhosoi: review+	Details \| Diff
View All

Description Ulf Weltman 2010-09-29 21:26:03 UTC

Looking over some fixes I had made for 8.1 I found this one wasn't submitted yet:

The permissions are too open on these files:
-rw-rw-rw-   1 www        other            6 Aug 31 19:32 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.pid
-rw-rw-rw-   1 www        other            6 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.startpid
-rw-rw-rw-   1 www        other            0 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/lock/server/22298

I'd like to change them to be writable only by the owner (644).  They should remain readable by all since they may serve in an advisory role to other processes that need to determine if it's running.

Comment 1 Ulf Weltman 2010-09-29 21:26:26 UTC

Created attachment 450592 [details]
patch proposal

Comment 3 Noriko Hosoi 2010-10-29 00:48:46 UTC

Comment on attachment 450592 [details]
patch proposal

Looks good to me.

Comment 4 Noriko Hosoi 2010-10-29 16:52:23 UTC

Thanks to Ulf for submitting the patch.

commit 81fe698ca04d1dccc23e8099003521471120bacf
Author: Noriko Hosoi <nhosoi>
Date:   Fri Oct 29 09:43:52 2010 -0700

    Bug 638773 - permissions too loose on pid and lock files
    
    https://bugzilla.redhat.com/show_bug.cgi?id=638773
    
    Description: This patch changes the permissions of the pid and
    lock files to be writable only by the owner (0644).  They should
    remain readable by all since they may serve in an advisory role
    to other processes that need to determine if it's running.
    
    Checking in this patch on behalf of Ulf Weltman (ulf.weltman).

Pushed to master.

$ git merge work
Updating d46f51d..81fe698
Fast-forward
 ldap/servers/slapd/daemon.c     |   10 ++++++----
 ldap/servers/slapd/main.c       |   10 ++++++----
 ldap/servers/slapd/protect_db.c |    6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.15 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d46f51d..81fe698  master -> master

Comment 5 Amita Sharma 2011-05-16 10:27:10 UTC

Checked on RHEL machine
==========================

root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l  /var/lock/dirsrv/slapd-rheltest/server/2047 
-rw-r--r--. 1 nobody nobody 0 May 16 11:52 /var/lock/dirsrv/slapd-rheltest/server/2047

Note You need to log in before you can comment on or make changes to this bug.