Description of problem: When running mco commands from user's shell, it will return error message "Failed to generate application list: RuntimeError: Cannot find config file '/etc/mcollective/client.cfg'". Since user should not have permission to run the mco command, so it should return error messages like "Permission Denial" or "Command not found" instead. Version-Release number of selected component (if applicable): INT(devenv_2686) and STAGE(devenv-stage_272) How reproducible: always Steps to Reproduce: 1.Create app on INT 2.SSH login to the app 3.Run mco commands $mco ping $mco Actual results: [perl1-bmengc9int.int.rhcloud.com ~]\> mco ping Failed to generate application list: RuntimeError: Cannot find config file '/etc/mcollective/client.cfg' Expected results: Error message like "Permission Denial" or "Command not found" should be shown. Additional info:
Created attachment 682188 [details] mco_devenv_log The mco commands can be ran successfully on devenv with some error messages. Since it cannot be ran on STG and INT, so we don't report the devenv only issue. If it is also should not be ran on devenv, I will raise separate bug to track. Attach the devenv result log to compare.
Commit pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/6950555d511f8b28e2187596e6ad68b9988aae39 Bug 901424 - client.cfg should have same perms as on int/stg/prod.
Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/2ba5129a9e07ae500bc28474b4d6a0a52a8d242c Bug 901424 - Hide the mco command.
Preventing gear users from accessing the client and server configurations is the appropriate way to stop end-users from accessing our mcollective instance. It doesn't matter if they can run the mco command. The rhcsh returns permission denied for "mco".
Checked on devenv_2877, issue has been fixed. [app1-bmeng1.dev.rhcloud.com ~]\> mco ping mco: Permission denied [app1-bmeng1.dev.rhcloud.com ~]\> mco mco: Permission denied Move bug to verified.