Bug 836984 - /var/log/osad is created with wrong permission
/var/log/osad is created with wrong permission
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client (Show other bugs)
541
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Pazdziora
Jiří Mikulka
:
Depends On: 818328
Blocks: sat560-lowbug
  Show dependency treegraph
 
Reported: 2012-07-02 08:28 EDT by Jan Pazdziora
Modified: 2014-10-06 09:46 EDT (History)
5 users (show)

See Also:
Fixed In Version: osad-5.11.14-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 818328
: 884788 (view as bug list)
Environment:
Last Closed: 2013-10-01 17:56:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Patch proposed (1.52 KB, patch)
2012-12-06 12:46 EST, Marcelo Moreira de Mello
no flags Details | Diff
Patch proposed (1.43 KB, patch)
2012-12-06 13:01 EST, Marcelo Moreira de Mello
no flags Details | Diff
Patch proposed v2 (1.43 KB, patch)
2012-12-07 13:28 EST, Marcelo Moreira de Mello
no flags Details | Diff

  None (edit)
Description Jan Pazdziora 2012-07-02 08:28:57 EDT
+++ This bug was initially created as a clone of Bug #818328 +++

Description of problem:

 /var/log/osad is created with wrong permission when not able to connect against OSAD server

Version-Release number of selected component (if applicable):
osad-5.9.38-1

How reproducible:
100%

Steps to Reproduce:
1. # yum install osad -y
2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP
3. # service osad restart (raise exception)
4  # ls -la /var/log/osad  (created with wrong permission)
-rw-rw-rw- 1 root root 94 May  2 15:01 /var/log/osad


Actual results:

 File is created with wrong permission

Expected results:

 Create file with the expected permission

--- Additional comment from mmello@redhat.com on 2012-05-02 21:19:17 CEST ---


  Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream. 

$ git show cdee7358
commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7
Author: Miroslav Suchý <msuchy@redhat.com>
Date:   Wed Feb 29 16:38:31 2012 +0100

    log file may contain password, set chmod to 600

diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec
index 2cb7c9a..9cbc062 100644
--- a/client/tools/osad/osad.spec
+++ b/client/tools/osad/osad.spec
@@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {}
 %attr(755,root,root) %{_initrddir}/osad
 %doc LICENSE
 %config(noreplace) %{_sysconfdir}/logrotate.d/osad
-%ghost %attr(644,root,root) %{_var}/log/osad
+%ghost %attr(600,root,root) %{_var}/log/osad
 %if 0%{?suse_version}
 # provide directories not owned by any package during build
 %dir %{rhnroot}
diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py
index d87788c..acb4166 100644
--- a/client/tools/osad/src/rhn_log.py
+++ b/client/tools/osad/src/rhn_log.py
@@ -40,6 +40,7 @@ class Logger:
             if not Logger.logfile is None:
                 try:
                     file = open( Logger.logfile, 'a' )
+                    os.chmod(Logger.logfile, 0600)
                     file.write( outstring )
                     file.close()
                 except IOError:



  Since already is fixed, changing status to MODIFIED

--- Additional comment from jpazdziora@redhat.com on 2012-06-25 17:49:45 CEST ---

Note to self:

This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.
Comment 1 Marcelo Moreira de Mello 2012-12-05 08:57:31 EST
Taking
Comment 2 Marcelo Moreira de Mello 2012-12-06 12:46:09 EST
Created attachment 658907 [details]
Patch proposed


  Hello, 

     Patch already submitted to approval on spacewalk-devel mailing list. 

     https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html

   Thank you. 

Best,
mmello
Comment 3 Marcelo Moreira de Mello 2012-12-06 12:48:28 EST
 Cloned to 884788 and marking to Spacewalk
Comment 4 Marcelo Moreira de Mello 2012-12-06 13:01:35 EST
Created attachment 658931 [details]
Patch proposed


   Better looking patch
Comment 5 Jan Pazdziora 2012-12-07 02:12:04 EST
Making bugzilla public.
Comment 6 Marcelo Moreira de Mello 2012-12-07 13:28:23 EST
Created attachment 659532 [details]
Patch proposed v2

Patch proposed v2
Comment 7 Jan Pazdziora 2012-12-10 06:44:05 EST
(In reply to comment #6)
> Created attachment 659532 [details]
> Patch proposed v2

Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a.
Comment 10 Clifford Perry 2013-10-01 17:56:57 EDT
Satellite 5.6 has been released. This bug was tracked under the release.  

This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly
before release). 

Moving to CLOSED CURRENT_RELEASE. 

Text from Upgrade Erratum follows:

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1395.html

Note You need to log in before you can comment on or make changes to this bug.