81288 – up2date needs a config option to prevent remote reboots

Bug 81288 - up2date needs a config option to prevent remote reboots

Summary: up2date needs a config option to prevent remote reboots

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	up2date
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Adrian Likins
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	77359
TreeView+	depends on / blocked

Reported:	2003-01-07 16:30 UTC by Phil D'Amore
Modified:	2007-11-30 22:07 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-04-03 18:47:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Phil D'Amore 2003-01-07 16:30:18 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
The recently added feature to RHN to schedule a reboot of a server needs have a
config option on the client that prevents its use.  This option should not be
overridable via RHN itself.  Something in /etc/sysconfig/rhn/up2date.conf would
probably suffice.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
This is a missing config option.  There is no error to reproduce.

Additional info:

Comment 1 Adrian Likins 2003-01-15 00:07:29 UTC

All config options are overridable by rhn, so it doesn't make much sense
to disable it client side. 

Not sure I understand the reasoning for the request. reboot actions
are never scheduled without being explicitily scheduled by the
administrator. 

Was there a case where you accidently rebooted a machine of something?
It  may make more sence to do that server side, if at all.

Comment 2 Need Real Name 2003-01-15 14:37:42 UTC

I don't think we're on the same page here.  We're talking about adding an option
to /etc/sysconfig/rhn/up2date in the same sprirt as "removeSkipList",
"noReplaceConfig", "noBootLoader", "pkgSkipList", "fileSkipList", etc that will
not allow up2date to reboot a box remotely.  Perhaps a "doNotRebootThisMachine"
option.

Your above statement is a little confusing, as it implies that all of the above
options can be overridden by the web interface side of things.  Is that true?

The potential for damage to be done by a compromised RHN account is now
non-trivial, as the web interface can now schedule machine reboots.  The reason
for needing the ability to disable this feature should be obvious.

Comment 3 Adrian Likins 2003-01-15 18:30:16 UTC

There are actions that allow all configuration options to
be changed. At the moment, I don't think any of these
are setup on the website. 

I can add a config option, but it can be reset
by a config change option from the server side
(if not from the website atm).

Comment 4 Adrian Likins 2003-01-16 05:04:55 UTC

in cvs head (3.0.43 or so...)
backport for 8.0 landing soon

Comment 5 Adrian Likins 2003-01-16 05:15:16 UTC

backport landed in cvs as well, for the sake of
process, I'm considering this a bug fix, so
it should land in the 8.0 errata. 

Marking as modified so qa can verify the fix:

verification plan:
    set "noReboot" to 1 in the config file, attempt to
    schedule a reboot action.
 

    action should fail with exit code 38, and message "Up2date
is configured not to allow reboots"

   set "noReboot" to 0 in config file, and schedule a reboot action.
   system should reboot.

Comment 6 Josef Komenda 2003-04-03 18:47:47 UTC

Works in Red Hat 9, and will be errata'd in the future, closing.

Note You need to log in before you can comment on or make changes to this bug.