[Spacewalk-list] Upgrade issue when umask set to 0077

Pierre Casenove pcasenove at gmail.com
Tue Feb 28 08:16:18 UTC 2012 

Hi,
What is the conclusion on this issue?

Thanks,

Pierre

2012/2/6 Pierre Casenove <pcasenove at gmail.com>:
> Hello,
> I was not very clear on my issue on my first post, apologies.
> So, what happens exactly when the file is created with 600 access mode:
> - When navigating to Systems --> Kickstart --> Profiles and selecting
> a kickstart, the following msg appears on the top:
> There are errors in your kickstart template. Please check the <a
> href="/rhn/kickstart/KickstartFileDownload.do?ksid=2">template
> errors</a> to determine the problem with the template.
> - When opening the kickstart in a browser, here is the error:
> <pre>
> Mod_python error: "PythonHandler services"
> Traceback (most recent call last):
>  File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line
> 287, in HandlerDispatch
>    log=debug)
>  File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line
> 464, in import_module
>    module = imp.load_module(mname, f, p, d)
>  File "/var/www/cobbler/svc/services.py", line 22, in ?
>    from cobbler.services import CobblerSvc
>  File "/usr/lib/python2.4/site-packages/cobbler/services.py", line 36, in ?
>    import remote
>  File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 45, in ?
>    import api as cobbler_api
>  File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 28, in ?
>    import action_sync
>  File "/usr/lib/python2.4/site-packages/cobbler/action_sync.py", line 36, in ?
>    import templar
>  File "/usr/lib/python2.4/site-packages/cobbler/templar.py", line 29, in ?
>    from template_api import Template
>  File "/usr/lib/python2.4/site-packages/cobbler/template_api.py", line 42, in ?
>    raise CX("/etc/cobbler/settings is not a valid YAML file")
> CX: '/etc/cobbler/settings is not a valid YAML file'
> </pre>
>
> Here is the appache_error_log:
> [Mon Feb 06 15:59:31 2012] [notice] mod_python: (Re)importing module 'services'
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services: Traceback (most recent call last):
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 287,
> in HandlerDispatch\n    log=debug)
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 464,
> in import_module\n    module = imp.load_module(mname, f, p, d)
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File "/var/www/cobbler/svc/services.py",
> line 22, in ?\n    from cobbler.services import CobblerSvc
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/services.py", line 36, in
> ?\n    import remote
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 45, in ?\n
>  import api as cobbler_api
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/api.py", line 28, in ?\n
> import action_sync
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/action_sync.py", line 36, in
> ?\n    import templar
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/templar.py", line 29, in ?\n
>   from template_api import Template
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services:   File
> "/usr/lib/python2.4/site-packages/cobbler/template_api.py", line 42,
> in ?\n    raise CX("/etc/cobbler/settings is not a valid YAML file")
> [Mon Feb 06 15:59:31 2012] [error] [client 10.120.193.15]
> PythonHandler services: CX: '/etc/cobbler/settings is not a valid YAML
> file'
>
> When setting 644 access mode on file /etc/cobbler/settings, everything
> is correct
>
> I have ran 2 spacewalk upgrades, and this file permission issue is the
> only one I encountered each time. The rest was correct. As
> spacewalk-upgrade is run as root, it could also save the current umask
> value at the beggining, change it to 0022 and returns to original
> value at the end.
> I checked a bit the upgrade script when I worked on the fix, and this
> file is the only one created from scratch, this might be the real
> issue.
>
> Anyway, I let you decide what's best.
>
> Pierre
>
> 2012/2/6 Jan Pazdziora <jpazdziora at redhat.com>:
>> On Wed, Jan 25, 2012 at 08:51:20AM +0100, Pierre Casenove wrote:
>>> Hello,
>>> I ran into an issue when I upgraded from SW 1.5 to SW 1.6:
>>> - on my set up, root user has an umask of 0077
>>> - during setup, /etc/cobbler/settings is backuped and recreated... but
>>> with permission set to root:root 600
>>> - Apache can't access the file until chmod 644 is performed
>>
>> What is the error produced by Apache?
>>
>>> Please find attached a patch that simply calls chmod after cobbler
>>> file has been created in spacewalk-setup perl script.
>>> I couldn't test it in all cases so please review it carrefully.
>>
>> The problem I see with this approach to fixing the issue is that
>> there are likely other situations when umask 0077 will simply
>> produce unexpected results. So I wonder if spacewalk-setup should
>> instead refuse to run if it detects something more restrictive than
>> 0022?
>>
>> --
>> Jan Pazdziora
>> Principal Software Engineer, Satellite Engineering, Red Hat
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list