Hide Forgot
Description of problem: Umask for user "oracle" on RHEL6 is changed to 0002 Version-Release number of selected component (if applicable): Satellite-5.4.1-RHEL6-re20110521.0-x86_64-embedded-oracle.iso RHE6 - x86_64 - Red Hat Enterprise Linux Server release 6.1 How reproducible: Always Steps to Reproduce: 1. On RHEL 6 : su - oracle - c "umask" Actual results: 0002 -rw-rw----. 1 oracle dba 104858112 May 24 08:47 /rhnsat/data/rhnsat/redo_1001.log Expected results: As on RHEL5 0022 -rw-r-----. 1 oracle dba 104858112 May 24 08:47 /rhnsat/data/rhnsat/redo_1001.log Additional info:
On RHEL 5, the umask does not get changed from root's umask at all: # umask 0021 # su - oracle -c 'umask' 0021 On RHEL 6, it is set to 002 in /etc/profile.
But the change is not really specific -- you will see the same behaviour for any other system account you create. Does it cause any harm?
Hi Jan, I think there is a potential security issue especially in the case when RHN-Satellite shares the Oracle Database with other applications and more than one Oracle instance exists. Let's have the case when every instalce runs under its own ORA_USER* and all ORA_USER* are in the DBA group. This means that if there is a security whole in some other application and a malicious user manage to execute some code as ORA_USER* this code can modify RHN-Satellite files as well. I could be wrong but this is the way I think.
But we don't support multiple embedded Oracle installations, nor any non-Satellite use of the machine on which the Satellite with embedded Oracle is installed, do we?
No, we do not support. I guess I had in mind external oracle but we have no control there.
We don't have any immediate plans to change the behaviour that RHEL sets as default for one system account that we create and use in Satellite. Closing as such.