[Spacewalk-list] Upgrade issue when umask set to 0077

Pierre Casenove pcasenove at gmail.com
Mon Feb 6 16:11:02 UTC 2012 

Hello,
I was not very clear on my issue on my first post, apologies.
So, what happens exactly when the file is created with 600 access mode:
- When navigating to Systems --> Kickstart --> Profiles and selecting
a kickstart, the following msg appears on the top:
There are errors in your kickstart template. Please check the <a
href="/rhn/kickstart/KickstartFileDownload.do?ksid=2">template
errors</a> to determine the problem with the template.
- When opening the kickstart in a browser, here is the error:
<pre>
Mod_python error: "PythonHandler services"
Traceback (most recent call last):
  File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line
287, in HandlerDispatch
    log=debug)
  File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line
464, in import_module
    module = imp.load_module(mname, f, p, d)
  File "/var/www/cobbler/svc/services.py", line 22, in ?
    from cobbler.services import CobblerSvc
  File "/usr/lib/python2.4/site-packages/cobbler/services.py", line 36, in ?
    import remote
  File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 45, in ?
    import api as cobbler_api
  File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 28, in ?
    import action_sync
  File "/usr/lib/python2.4/site-packages/cobbler/action_sync.py", line 36, in ?
    import templar
  File "/usr/lib/python2.4/site-packages/cobbler/templar.py", line 29, in ?
    from template_api import Template
  File "/usr/lib/python2.4/site-packages/cobbler/template_api.py", line 42, in ?
    raise CX("/etc/cobbler/settings is not a valid YAML file")
CX: '/etc/cobbler/settings is not a valid YAML file'
</pre>

Here is the appache_error_log:
[Mon Feb 06 15:59:31 2012] [notice] mod_python: (Re)importing module 'services'
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services: Traceback (most recent call last):
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 287,
in HandlerDispatch\n    log=debug)
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 464,
in import_module\n    module = imp.load_module(mname, f, p, d)
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File "/var/www/cobbler/svc/services.py",
line 22, in ?\n    from cobbler.services import CobblerSvc
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/services.py", line 36, in
?\n    import remote
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/remote.py", line 45, in ?\n
  import api as cobbler_api
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/api.py", line 28, in ?\n
import action_sync
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/action_sync.py", line 36, in
?\n    import templar
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/templar.py", line 29, in ?\n
   from template_api import Template
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services:   File
"/usr/lib/python2.4/site-packages/cobbler/template_api.py", line 42,
in ?\n    raise CX("/etc/cobbler/settings is not a valid YAML file")
[Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
PythonHandler services: CX: '/etc/cobbler/settings is not a valid YAML
file'

When setting 644 access mode on file /etc/cobbler/settings, everything
is correct

I have ran 2 spacewalk upgrades, and this file permission issue is the
only one I encountered each time. The rest was correct. As
spacewalk-upgrade is run as root, it could also save the current umask
value at the beggining, change it to 0022 and returns to original
value at the end.
I checked a bit the upgrade script when I worked on the fix, and this
file is the only one created from scratch, this might be the real
issue.

Anyway, I let you decide what's best.

Pierre

2012/2/6 Jan Pazdziora <jpazdziora at redhat.com>:
> On Wed, Jan 25, 2012 at 08:51:20AM +0100, Pierre Casenove wrote:
>> Hello,
>> I ran into an issue when I upgraded from SW 1.5 to SW 1.6:
>> - on my set up, root user has an umask of 0077
>> - during setup, /etc/cobbler/settings is backuped and recreated... but
>> with permission set to root:root 600
>> - Apache can't access the file until chmod 644 is performed
>
> What is the error produced by Apache?
>
>> Please find attached a patch that simply calls chmod after cobbler
>> file has been created in spacewalk-setup perl script.
>> I couldn't test it in all cases so please review it carrefully.
>
> The problem I see with this approach to fixing the issue is that
> there are likely other situations when umask 0077 will simply
> produce unexpected results. So I wonder if spacewalk-setup should
> instead refuse to run if it detects something more restrictive than
> 0022?
>
> --
> Jan Pazdziora
> Principal Software Engineer, Satellite Engineering, Red Hat
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list