Bug 638773 - permissions too loose on pid and lock files
Summary: permissions too loose on pid and lock files
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.6
Hardware: All
OS: All
high
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 639035
TreeView+ depends on / blocked
 
Reported: 2010-09-29 21:26 UTC by Ulf Weltman
Modified: 2015-12-07 17:02 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-12-07 17:02:06 UTC
Embargoed:


Attachments (Terms of Use)
patch proposal (2.40 KB, patch)
2010-09-29 21:26 UTC, Ulf Weltman
nhosoi: review+
Details | Diff

Description Ulf Weltman 2010-09-29 21:26:03 UTC
Looking over some fixes I had made for 8.1 I found this one wasn't submitted yet:

The permissions are too open on these files:
-rw-rw-rw-   1 www        other            6 Aug 31 19:32 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.pid
-rw-rw-rw-   1 www        other            6 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.startpid
-rw-rw-rw-   1 www        other            0 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/lock/server/22298

I'd like to change them to be writable only by the owner (644).  They should remain readable by all since they may serve in an advisory role to other processes that need to determine if it's running.

Comment 1 Ulf Weltman 2010-09-29 21:26:26 UTC
Created attachment 450592 [details]
patch proposal

Comment 3 Noriko Hosoi 2010-10-29 00:48:46 UTC
Comment on attachment 450592 [details]
patch proposal

Looks good to me.

Comment 4 Noriko Hosoi 2010-10-29 16:52:23 UTC
Thanks to Ulf for submitting the patch.

commit 81fe698ca04d1dccc23e8099003521471120bacf
Author: Noriko Hosoi <nhosoi>
Date:   Fri Oct 29 09:43:52 2010 -0700

    Bug 638773 - permissions too loose on pid and lock files
    
    https://bugzilla.redhat.com/show_bug.cgi?id=638773
    
    Description: This patch changes the permissions of the pid and
    lock files to be writable only by the owner (0644).  They should
    remain readable by all since they may serve in an advisory role
    to other processes that need to determine if it's running.
    
    Checking in this patch on behalf of Ulf Weltman (ulf.weltman).

Pushed to master.

$ git merge work
Updating d46f51d..81fe698
Fast-forward
 ldap/servers/slapd/daemon.c     |   10 ++++++----
 ldap/servers/slapd/main.c       |   10 ++++++----
 ldap/servers/slapd/protect_db.c |    6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.15 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d46f51d..81fe698  master -> master

Comment 5 Amita Sharma 2011-05-16 10:27:10 UTC
Checked on RHEL machine
==========================

root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid

[root@rheltest opt]# ls -l  /var/lock/dirsrv/slapd-rheltest/server/2047 
-rw-r--r--. 1 nobody nobody 0 May 16 11:52 /var/lock/dirsrv/slapd-rheltest/server/2047


Note You need to log in before you can comment on or make changes to this bug.