+++ This bug was initially created as a clone of Bug #818328 +++ Description of problem: /var/log/osad is created with wrong permission when not able to connect against OSAD server Version-Release number of selected component (if applicable): osad-5.9.38-1 How reproducible: 100% Steps to Reproduce: 1. # yum install osad -y 2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP 3. # service osad restart (raise exception) 4 # ls -la /var/log/osad (created with wrong permission) -rw-rw-rw- 1 root root 94 May 2 15:01 /var/log/osad Actual results: File is created with wrong permission Expected results: Create file with the expected permission --- Additional comment from mmello on 2012-05-02 21:19:17 CEST --- Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream. $ git show cdee7358 commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 Author: Miroslav Suchý <msuchy> Date: Wed Feb 29 16:38:31 2012 +0100 log file may contain password, set chmod to 600 diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec index 2cb7c9a..9cbc062 100644 --- a/client/tools/osad/osad.spec +++ b/client/tools/osad/osad.spec @@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {} %attr(755,root,root) %{_initrddir}/osad %doc LICENSE %config(noreplace) %{_sysconfdir}/logrotate.d/osad -%ghost %attr(644,root,root) %{_var}/log/osad +%ghost %attr(600,root,root) %{_var}/log/osad %if 0%{?suse_version} # provide directories not owned by any package during build %dir %{rhnroot} diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py index d87788c..acb4166 100644 --- a/client/tools/osad/src/rhn_log.py +++ b/client/tools/osad/src/rhn_log.py @@ -40,6 +40,7 @@ class Logger: if not Logger.logfile is None: try: file = open( Logger.logfile, 'a' ) + os.chmod(Logger.logfile, 0600) file.write( outstring ) file.close() except IOError: Since already is fixed, changing status to MODIFIED --- Additional comment from jpazdziora on 2012-06-25 17:49:45 CEST --- Note to self: This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.
Taking
Created attachment 658907 [details] Patch proposed Hello, Patch already submitted to approval on spacewalk-devel mailing list. https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html Thank you. Best, mmello
Cloned to 884788 and marking to Spacewalk
Created attachment 658931 [details] Patch proposed Better looking patch
Making bugzilla public.
Created attachment 659532 [details] Patch proposed v2 Patch proposed v2
(In reply to comment #6) > Created attachment 659532 [details] > Patch proposed v2 Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a.
Satellite 5.6 has been released. This bug was tracked under the release. This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly before release). Moving to CLOSED CURRENT_RELEASE. Text from Upgrade Erratum follows: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1395.html