Bug 884788 - /var/log/osad is created with wrong permission
/var/log/osad is created with wrong permission
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Clients (Show other bugs)
1.8
All Linux
medium Severity medium
: ---
: ---
Assigned To: Marcelo Moreira de Mello
Red Hat Satellite QA List
:
Depends On:
Blocks: space19
  Show dependency treegraph
 
Reported: 2012-12-06 12:47 EST by Marcelo Moreira de Mello
Modified: 2013-03-06 13:34 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 836984
Environment:
Last Closed: 2013-03-06 13:34:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch proposed (1.52 KB, patch)
2012-12-06 12:47 EST, Marcelo Moreira de Mello
no flags Details | Diff
Patch proposed (1.43 KB, patch)
2012-12-06 13:02 EST, Marcelo Moreira de Mello
no flags Details | Diff
Patch proposed v2 (1.43 KB, patch)
2012-12-07 13:27 EST, Marcelo Moreira de Mello
no flags Details | Diff

  None (edit)
Description Marcelo Moreira de Mello 2012-12-06 12:47:04 EST
+++ This bug was initially created as a clone of Bug #836984 +++

+++ This bug was initially created as a clone of Bug #818328 +++

Description of problem:

 /var/log/osad is created with wrong permission when not able to connect against OSAD server

Version-Release number of selected component (if applicable):
osad-5.9.38-1

How reproducible:
100%

Steps to Reproduce:
1. # yum install osad -y
2. # iptables -I OUTPUT -p tcp --dport 5222 -j DROP
3. # service osad restart (raise exception)
4  # ls -la /var/log/osad  (created with wrong permission)
-rw-rw-rw- 1 root root 94 May  2 15:01 /var/log/osad


Actual results:

 File is created with wrong permission

Expected results:

 Create file with the expected permission

--- Additional comment from mmello@redhat.com on 2012-05-02 21:19:17 CEST ---


  Please, cherry pick the commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7 from spacewalk master which fixed this issue in upstream. 

$ git show cdee7358
commit cdee73585fb1446cb0a7438c7d7b6225776d2dd7
Author: Miroslav Suchý <msuchy@redhat.com>
Date:   Wed Feb 29 16:38:31 2012 +0100

    log file may contain password, set chmod to 600

diff --git a/client/tools/osad/osad.spec b/client/tools/osad/osad.spec
index 2cb7c9a..9cbc062 100644
--- a/client/tools/osad/osad.spec
+++ b/client/tools/osad/osad.spec
@@ -231,7 +231,7 @@ rpm -ql osa-dispatcher | xargs -n 1 /sbin/restorecon -rvi {}
 %attr(755,root,root) %{_initrddir}/osad
 %doc LICENSE
 %config(noreplace) %{_sysconfdir}/logrotate.d/osad
-%ghost %attr(644,root,root) %{_var}/log/osad
+%ghost %attr(600,root,root) %{_var}/log/osad
 %if 0%{?suse_version}
 # provide directories not owned by any package during build
 %dir %{rhnroot}
diff --git a/client/tools/osad/src/rhn_log.py b/client/tools/osad/src/rhn_log.py
index d87788c..acb4166 100644
--- a/client/tools/osad/src/rhn_log.py
+++ b/client/tools/osad/src/rhn_log.py
@@ -40,6 +40,7 @@ class Logger:
             if not Logger.logfile is None:
                 try:
                     file = open( Logger.logfile, 'a' )
+                    os.chmod(Logger.logfile, 0600)
                     file.write( outstring )
                     file.close()
                 except IOError:



  Since already is fixed, changing status to MODIFIED

--- Additional comment from jpazdziora@redhat.com on 2012-06-25 17:49:45 CEST ---

Note to self:

This bugzilla needs to be revisited (open a new one) to use umask + open + restore umask instead of that open + chmod, plus we need to add a %postinstall scriptlet to update the permissions on the existing file.

--- Additional comment from Marcelo Moreira de Mello on 2012-12-05 11:57:31 BRST ---

Taking

--- Additional comment from Marcelo Moreira de Mello on 2012-12-06 15:46:09 BRST ---

Created attachment 658907 [details]
Patch proposed


  Hello, 

     Patch already submitted to approval on spacewalk-devel mailing list. 

     https://www.redhat.com/archives/spacewalk-devel/2012-December/msg00000.html

   Thank you. 

Best,
mmello
Comment 1 Marcelo Moreira de Mello 2012-12-06 12:47:50 EST
Created attachment 658908 [details]
Patch proposed
Comment 2 Marcelo Moreira de Mello 2012-12-06 13:02:08 EST
Created attachment 658932 [details]
Patch proposed


  Better looking patch
Comment 3 Marcelo Moreira de Mello 2012-12-07 13:27:31 EST
Created attachment 659531 [details]
Patch proposed v2



   Patch proposed v2
Comment 4 Marcelo Moreira de Mello 2012-12-10 09:45:48 EST
Applied to Spacewalk master, 16199307a35484e0af5dd152b0ffc228df176e8a.

  See https://bugzilla.redhat.com/show_bug.cgi?id=836984#c7
Comment 5 Stephen Herr 2013-03-01 12:07:07 EST
Marking bug as ON_QA since tonight's build of Spacewalk nightly is a release candidate for Spacewalk 1.9.
Comment 6 Stephen Herr 2013-03-06 13:34:30 EST
Spacewalk 1.9 has been released.

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19

Note You need to log in before you can comment on or make changes to this bug.