Context Navigation

← Previous Ticket
Next Ticket →

Ticket #893 (closed defect: fixed)

Last modified 13 years ago

bcfg2 wipes permissions on incomplete <Path ... > rule

Reported by:	Remi Broemeling <[email protected]…>	Owned by:	desai
Priority:	major	Milestone:	Bcfg2 1.1.0 Release
Component:	bcfg2-client	Version:	1.0
Keywords:	rules permissions path	Cc:

Description

When bcfg2 is given an incomplete Path (type="permissions") Rule (one which does not define a "perms" attribute), it removes all permissions (chmod 000) from the referenced file. This action is clearly incorrect and also quite damaging if it occurs by accident. Expected behavior would be to either refuse to apply the incomplete Path rule at all, or to apply it but not change the permissions at all.

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' perms='2775' type='permissions' />
# ls -lad /var/lib/libuuid
drwxrwsr-x 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
#

Then I modified Rules/ubuntu-lucid-base.xml and removed the perms='2775' from the element and then re-ran bcfg2 -q, resulting in the state shown below:

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' type='permissions' />
# ls -lad /var/lib/libuuid
d--------- 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
# bcfg2-repo-validate
The following required attributes are missing for Path /var/lib/libuuid in /var/lib/bcfg2/Rules/ubuntu-lucid-base.xml: ['perms']
#

Re-adding the perms='2775' to the element and then again running bcfg2 -q, I restored the permissions on the path correctly:

# cat Base/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path name='/var/lib/libuuid' />
# cat Rules/ubuntu-lucid-base.xml | grep /var/lib/libuuid
                <Path group='libuuid' name='/var/lib/libuuid' owner='libuuid' perms='2775' type='permissions' />
# ls -lad /var/lib/libuuid
drwxrwsr-x 2 libuuid libuuid 4096 Apr 22 19:10 /var/lib/libuuid
# bcfg2-repo-validate
#

Basically, everything works as it should except when the perms attribute is missing, which is when bcfg2 will actively erase all permissions from the target path.

Attachments

Change History

comment:1 Changed 13 years ago by solj

Status changed from new to closed
Resolution set to fixed

Resolved in [c19c638a5cc23f1166eb21fa3814e0d53d563d23] (SVN r5939).

WARNING! You need to establish a session before you can create or edit tickets. Otherwise the ticket will get treated as spam.

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Type:		Priority:
Milestone:		Component:
Version:		Keywords:
Add/Remove from Cc:	<Author field>

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: