Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 638773

Summary: permissions too loose on pid and lock files
Product: [Retired] 389 Reporter: Ulf Weltman <ulf.weltman>
Component: Directory ServerAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: high    
Version: 1.2.6CC: amsharma, jgalipea, nhosoi
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 17:02:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 639035    
Attachments:
Description Flags
patch proposal nhosoi: review+

Description Ulf Weltman 2010-09-29 21:26:03 UTC 
Looking over some fixes I had made for 8.1 I found this one wasn't submitted yet:

The permissions are too open on these files:
-rw-rw-rw-   1 www        other            6 Aug 31 19:32 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.pid
-rw-rw-rw-   1 www        other            6 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.startpid
-rw-rw-rw-   1 www        other            0 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/lock/server/22298

I'd like to change them to be writable only by the owner (644).  They should remain readable by all since they may serve in an advisory role to other processes that need to determine if it's running.
Comment 1 Ulf Weltman 2010-09-29 21:26:26 UTC 
Created attachment 450592 [details]
patch proposal
Comment 3 Noriko Hosoi 2010-10-29 00:48:46 UTC 
Comment on attachment 450592 [details]
patch proposal

Looks good to me.
Comment 4 Noriko Hosoi 2010-10-29 16:52:23 UTC 
Thanks to Ulf for submitting the patch.

commit 81fe698ca04d1dccc23e8099003521471120bacf
Author: Noriko Hosoi <nhosoi>
Date:   Fri Oct 29 09:43:52 2010 -0700

    Bug 638773 - permissions too loose on pid and lock files
    
    https://bugzilla.redhat.com/show_bug.cgi?id=638773
    
    Description: This patch changes the permissions of the pid and
    lock files to be writable only by the owner (0644).  They should
    remain readable by all since they may serve in an advisory role
    to other processes that need to determine if it's running.
    
    Checking in this patch on behalf of Ulf Weltman (ulf.weltman).

Pushed to master.

$ git merge work
Updating d46f51d..81fe698
Fast-forward
 ldap/servers/slapd/daemon.c     |   10 ++++++----
 ldap/servers/slapd/main.c       |   10 ++++++----
 ldap/servers/slapd/protect_db.c |    6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.15 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d46f51d..81fe698  master -> master
Comment 5 Amita Sharma 2011-05-16 10:27:10 UTC 
Checked on RHEL machine
==========================

root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l  /var/lock/dirsrv/slapd-rheltest/server/2047 
-rw-r--r--. 1 nobody nobody 0 May 16 11:52 /var/lock/dirsrv/slapd-rheltest/server/2047