Modify

Ticket #893 (closed defect: fixed)

Opened 12 years ago

Last modified 12 years ago

bcfg2 wipes permissions on incomplete <Path ... > rule

Reported by: Remi Broemeling <[email protected]…> Owned by: desai
Priority: major Milestone: Bcfg2 1.1.0 Release
Component: bcfg2-client Version: 1.0
Keywords: rules permissions path Cc:

Description

When bcfg2 is given an incomplete Path (type="permissions") Rule (one which does not define a "perms" attribute), it removes all permissions (chmod 000) from the referenced file. This action is clearly incorrect and also quite damaging if it occurs by accident. Expected behavior would be to either refuse to apply the incomplete Path rule at all, or to apply it but not change the permissions at all.

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' perms='2775' type='permissions' />
# ls -lad /var/lib/libuuid
drwxrwsr-x 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
#

Then I modified Rules/ubuntu-lucid-base.xml and removed the perms='2775' from the element and then re-ran bcfg2 -q, resulting in the state shown below:

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' type='permissions' />
# ls -lad /var/lib/libuuid
d--------- 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
# bcfg2-repo-validate
The following required attributes are missing for Path /var/lib/libuuid in /var/lib/bcfg2/Rules/ubuntu-lucid-base.xml: ['perms']
#

Re-adding the perms='2775' to the element and then again running bcfg2 -q, I restored the permissions on the path correctly:

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' perms='2775' type='permissions' />
# ls -lad /var/lib/libuuid
drwxrwsr-x 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
# bcfg2-repo-validate
#

Basically, everything works as it should except when the perms attribute is missing, which is when bcfg2 will actively erase all permissions from the target path.

Attachments

Change History

comment:1 Changed 12 years ago by solj

  • Status changed from new to closed
  • Resolution set to fixed

WARNING! You need to establish a session before you can create or edit tickets. Otherwise the ticket will get treated as spam.

View

Add a comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
The resolution will be deleted. Next status will be 'reopened'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.