Bug 982738 - openshift.conf should be root owned
openshift.conf should be root owned
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
Unspecified Unspecified
unspecified Severity medium
: ---
: ---
Assigned To: Dan McPherson
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-09 13:40 EDT by Mike McGrath
Modified: 2015-05-14 19:23 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-07 18:55:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike McGrath 2013-07-09 13:40:24 EDT
in the python cartridge and possibly others, openshift.conf (httpd config) is owned by the user instead of root.  It should be owned by root so we have some assurances the user hasn't changed it.

In the migration for this we'll also have to ensure that the user hasn't altered that file.  If they have we may have to contact them or rename openshift.conf as openshift.conf.changed so their changes don't get lost.
Comment 1 Dan McPherson 2013-07-29 12:17:40 EDT
https://github.com/openshift/origin-server/pull/3197
Comment 4 Meng Bo 2013-07-30 05:02:45 EDT
Checked on devenv_3580, 
the cartridges which affected in this bug are listed as follow:
[root@ip-10-164-63-181 .cartridge_repository]# find . -name openshift.conf.erb |xargs ls -l
-rw-r--r--. 1 root root  570 Jul 29 20:16 ./redhat-diy/0.0.2/configuration/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  472 Jul 29 20:16 ./redhat-metrics/0.0.1/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  903 Jul 29 20:16 ./redhat-perl/0.0.2/versions/shared/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  801 Jul 29 20:16 ./redhat-php/0.0.2/versions/shared/configuration/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  575 Jul 29 20:16 ./redhat-phpmyadmin/0.0.2/versions/shared/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root 1266 Jul 29 20:16 ./redhat-python/0.0.2/versions/shared/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  563 Jul 29 20:16 ./redhat-rockmongo/0.0.1/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root 1006 Jul 29 20:16 ./redhat-ruby/0.0.4/versions/1.8/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root 1052 Jul 29 20:16 ./redhat-ruby/0.0.4/versions/1.9/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root 1095 Jul 29 20:16 ./redhat-ruby/0.0.4/versions/2.0/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root 1145 Jul 29 20:16 ./redhat-ruby/0.0.4/versions/shared/etc/conf.d/openshift.conf.erb
-rw-r--r--. 1 root root  776 Jul 29 20:16 ./redhat-zend/0.0.2/versions/5.6/configuration/etc/conf.d/openshift.conf.erb


Create apps with all the cartridges in the list, and check the owner of the file.
# find . -name openshift.conf |grep -v version |xargs ls -l
-rw-r--r--. 1 root 51f7738629f7160719000003         1026 Jul 30 04:04 ./51f7738629f7160719000003/ruby/etc/conf.d/openshift.conf
-rw-r--r--. 1 root 592604022823270823755776          900 Jul 30 04:02 ./592604022823270823755776/php/configuration/etc/conf.d/openshift.conf
-rw-r--r--. 1 root 592604022823270823755776          562 Jul 30 04:07 ./592604022823270823755776/phpmyadmin/conf.d/openshift.conf
-rw-r--r--. 1 root 7f9fba3cf8ee11e2b1f122000aa43fb5 1032 Jul 30 04:03 ./7f9fba3cf8ee11e2b1f122000aa43fb5/perl/etc/conf.d/openshift.conf
-rw-r--r--. 1 root 7f9fba3cf8ee11e2b1f122000aa43fb5  644 Jul 30 04:07 ./7f9fba3cf8ee11e2b1f122000aa43fb5/rockmongo/etc/conf.d/openshift.conf
-rw-r--r--. 1 root 910026e0f8ee11e2b1f122000aa43fb5  481 Jul 30 04:11 ./910026e0f8ee11e2b1f122000aa43fb5/metrics/conf.d/openshift.conf
-rw-r--r--. 1 root 910026e0f8ee11e2b1f122000aa43fb5 1586 Jul 30 04:03 ./910026e0f8ee11e2b1f122000aa43fb5/python/etc/conf.d/openshift.conf
-rw-r--r--. 1 root b97641b8f8ee11e2b1f122000aa43fb5 1050 Jul 30 04:05 ./b97641b8f8ee11e2b1f122000aa43fb5/ruby/etc/conf.d/openshift.conf
-rw-r--r--. 1 root ceca9cdaf8ee11e2b1f122000aa43fb5  951 Jul 30 04:05 ./ceca9cdaf8ee11e2b1f122000aa43fb5/zend/configuration/etc/conf.d/openshift.conf
-rw-r--r--. 1 root ea6fed6ef8ee11e2b1f122000aa43fb5  661 Jul 30 04:06 ./ea6fed6ef8ee11e2b1f122000aa43fb5/diy/configuration/etc/conf.d/openshift.conf

openshift.conf for all the carts are root owned now. Move bug to verified.

Will move the bug to verified.


@dmcphers
For the migration part, the old app with openshift.conf modified with be replaced by the default one, and did not have any backup. Not sure if this is what we want, since it is a little different with the bug description.
Comment 5 Dan McPherson 2013-07-30 09:49:28 EDT
Oh sorry I should meant to comment about the old file issue.  We have been replacing these files every release already with no warning.  I did not add any additional logic as this file is no different than any of the others we replace that are in user control.  They are in user control because they need to be changed on git push/etc but users changing them directly is not supported.

Note You need to log in before you can comment on or make changes to this bug.