Hi.
I noted that cobblerd is running with umask(0) and hence are creating
files that are world writable (e.g. files under /tftboot/ or config
files under /etc/ such as rsyncd.conf).
IMHO that is wrong. Files should not be created world writable as
default, so I created a ticket for it, #535.
As a tentative fix, I simply removed os.umask(0) from scripts/cobblerd,
which restored the umask for cobblerd to root-default (typically 022).
However, that had the side effect that mod_python (which is invoked by
apache) failed due to file permissions since service.py import utils.py
which unconditionally tries to create a clogger.Logger-object using
/var/log/clobber/clobber.log as default log file (which, when no longer
world writable, is not writable by apache).
Just to be more clear, I have made my own temporary work around for
the issue available at
http://github.com/slabanja/cobbler/commits/slabanja/.
The work around, as it is, is maybe not suitable as a patch though.
Questions:
* Were/are there any special reason for having cobblerd running with
umask=0?
* Does (the mod_python invoked) service.py really need the
clogger.Logger-object that is created in utils.py? Or could the creation
simply be conditionally left out for e.g. mod_python running as apache?
Best regards,
Mattias