+++ This bug was initially created as a clone of Bug #836984 +++

+++ This bug was initially created as a clone of Bug #818328 +++

Description of problem:
/var/log/osad is created with wrong permission when not able to connect against OSAD server

Version-Release number of selected component (if applicable):
osad-5.9.38-1

How reproducible:
100%

Steps to Reproduce:
1. # yum install osad -y
2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP
3. # service osad restart (raise exception)
4. # ls -la /var/log/osad (created with wrong permission)
-rw-rw-rw- 1 root root 94 May 2 15:01 /var/log/osad

Actual results:
File is created with wrong permission

Expected results:
Create file with the expected permission

--- Additional comment from mmello on 2012-05-02 21:19:17 CEST ---

Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream.

$ git show cdee7358
commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7
Author: Miroslav Suchý <msuchy>
Date: Wed Feb 29 16:38:31 2012 +0100

log file may contain password, set chmod to 600

diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec index 2cb7c9a..9cbc062 100644 --- a/client/tools/osad/osad.spec +++ b/client/tools/osad/osad.spec @@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {} %attr(755,root,root) %{_initrddir}/osad %doc LICENSE %config(noreplace) %{_sysconfdir}/logrotate.d/osad -%ghost %attr(644,root,root) %{_var}/log/osad +%ghost %attr(600,root,root) %{_var}/log/osad %if 0%{?suse_version} # provide directories not owned by any package during build %dir %{rhnroot} diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py index d87788c..acb4166 100644 --- a/client/tools/osad/src/rhn_log.py +++ b/client/tools/osad/src/rhn_log.py 
@@ -40,6 +40,7 @@ class Logger: if not Logger.logfile is None: try: file = open( Logger.logfile, 'a' ) + os.chmod(Logger.logfile, 0600) file.write( outstring ) file.close() except IOError:

Since it is already fixed, changing status to MODIFIED

--- Additional comment from jpazdziora on 2012-06-25 17:49:45 CEST ---

Note to self: This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.

--- Additional comment from Marcelo Moreira de Mello on 2012-12-05 11:57:31 BRST ---

Taking

--- Additional comment from Marcelo Moreira de Mello on 2012-12-06 15:46:09 BRST ---

Created attachment 658907 [details]
Patch proposed

Hello,

Patch already submitted to approval on spacewalk-devel mailing list.
https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html

Thank you.

Best,
mmello
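
Review bot: In the osad.spec hunk of the commit quoted above, the `%ghost %attr(600,root,root) %{_var}/log/osad` entry is the only change, and the hunk adds no scriptlet that tightens a /var/log/osad already on disk with the wider mode shown in the report (-rw-rw-rw-). Consider adding a scriptlet that resets the mode of the existing file on upgrade, which the 2012-06-25 comment in this bug also asks for.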
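
Review bot: In the rhn_log.py hunk of the commit quoted above, `os.chmod(Logger.logfile, 0600)` runs after `open( Logger.logfile, 'a' )`, so a newly created log exists with umask-derived permissions until the chmod completes, and the chmod is repeated on every write that takes this path. Create the file with the restrictive mode from the start (a temporary umask around the open, or os.open with an explicit 0600 mode) and tighten a pre-existing file separately. Also note that a failing os.chmod raises OSError, which the surrounding `except IOError:` does not catch in Python 2, so a chmod failure would propagate out of the logger.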
Created attachment 658908 [details] Patch proposed
Created attachment 658932 [details] Patch proposed Better looking patch
Created attachment 659531 [details] Patch proposed v2 Patch proposed v2
Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a. See https://bugzilla.redhat.com/show_bug.cgi?id=836984#c7
Marking bug as ON_QA since tonight's build of Spacewalk nightly is a release candidate for Spacewalk 1.9.
Spacewalk 1.9 has been released. https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19
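
The create-with-restrictive-mode approach asked for in the 2012-06-25 comment above, as an added example that is not Spacewalk code or the applied patch. It is written for Python 3 and uses `os.open` with an explicit mode, which has the same effect as umask + open + restore umask without changing process-wide state; `append_log`, `mode_of`, `demo` and the file names are assumptions made for the illustration.

```python
import os
import stat
import tempfile

LOG_MODE = 0o600  # owner read/write only, the mode chosen in the upstream commit


def append_log(path, text):
    """Append text to path; a new file is created 0600, an old one is tightened."""
    # The mode argument applies at creation time, so there is no window in
    # which a new log file exists with group/other permission bits.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, LOG_MODE)
    with os.fdopen(fd, "a") as log:
        # A file left behind by an older release keeps its old mode when it is
        # merely opened, so fix it through the descriptor (not the path).
        if stat.S_IMODE(os.fstat(fd).st_mode) != LOG_MODE:
            os.fchmod(fd, LOG_MODE)
        log.write(text)


def mode_of(path):
    """Return the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (legacy mode before, fresh file mode, legacy mode after)."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh = os.path.join(tmp, "fresh.log")    # constructed sample path
        legacy = os.path.join(tmp, "legacy.log")  # constructed sample path
        old_umask = os.umask(0)  # permissive umask, matching the report's -rw-rw-rw-
        try:
            with open(legacy, "a") as f:  # plain open(): the behaviour in the report
                f.write("old entry\n")
            before = mode_of(legacy)
            append_log(fresh, "new entry\n")
            append_log(legacy, "new entry\n")
        finally:
            os.umask(old_umask)
        return before, mode_of(fresh), mode_of(legacy)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```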