I've noticed that the permissions of the syslog files created by cobblerd are 0666 (read/write everyone). I tried to correct this by setting a stricter umask in the init script (0027) but that has not made a difference.
While this might have something to do with the way cobblerd is run on my server (I managed to get it running as a non-root user in a chroot jail) and I am perfectly happy to debug this on my own, I just want to know beforehand if the permissions are being set this way deliberately by cobblerd, and where this can be modified. If it is expecting a correct umask to be set someplace else, I will poke around my chroot.
Thanks,
Chris
_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
Currently the RPM has the following:
%defattr(755,apache,apache)
%dir /var/log/cobbler
%dir /var/log/cobbler/kicklog
It looks like it needs to add this for syslog and probably should set syslog with more refined permissions bits.
Actually, I am referring to the individual log files. They're being created with mode 0666 when a new host begins syslogging to cobblerd. Is this mode hard-coded in cobbler or is it relying on the umask being set correctly before the daemon starts?
Thanks,
Chris
Yes, I know.
If we set the directory permissions correctly that should make sure they are created with the same permissions as the directory.
FWIW, umask modification isn't in cobbler anywhere.
--Michael
Oh, I think I understand what you are saying. The RPM is setting an ACL on directories so that any file created below will inherit its parent's permissions. The RPM hasn't set an ACL on the syslog directory so we are now dealing with unix permissions, that is, calculating the default permissions based on the umask setting.
So the fix is to track down where my umask is being changed, or to put an ACL on this directory...
Thanks, this is what I need.
Chris
Yeah, I think what I suggested earlier (that the sticky bit would help here) is definitely wrong if it's 666.
Since things should be consistent with the RPM, something else is weird ... I'll research further.
If you can, please open a defect in Trac.
What's weird is my setup; I suspect the RPM is okay. Unless someone else is having a similar problem, please don't worry about investigating this further. I got the answer that I need, and tested that setting the default mask in the directory's ACL does what is expected.
Thanks,
Chris
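
The umask-versus-default-ACL behaviour worked out in this thread, as an added example that is not part of the original messages or of cobbler: it creates a file that requests mode 0666 under two umasks, then again after a default ACL is set on the directory. The temporary directory, `host.log` and the function names are illustrative; `stat -c` assumes GNU or BusyBox stat, and the ACL step reports `skipped` where `setfacl` or filesystem ACL support is missing.

```shell
#!/bin/sh
# Added example: how umask and a directory default ACL decide the mode of a
# newly created log file. Works in a temporary directory only.

# Create a file that requests mode 0666 (as shell redirection does) under the
# given umask and print the resulting mode in octal.
mode_under_umask() {
    dir=$1
    mask=$2
    (
        umask "$mask"
        rm -f "$dir/host.log"
        : > "$dir/host.log"          # open(2) is called with mode 0666
        stat -c '%a' "$dir/host.log"
    )
}

# Set a default ACL on the directory, then create a file under umask 0.
# With a default ACL present the kernel ignores the umask and intersects the
# requested mode with the inherited ACL entries.
# Prints the resulting mode, or "skipped" when ACLs are unavailable.
mode_with_default_acl() {
    dir=$1
    command -v setfacl >/dev/null 2>&1 || { echo skipped; return 0; }
    setfacl -d -m u::rw-,g::r--,o::--- "$dir" 2>/dev/null || { echo skipped; return 0; }
    mode_under_umask "$dir" 0000
}

demo() {
    work=$(mktemp -d) || return 1
    echo "umask 0027:           $(mode_under_umask "$work" 0027)"
    echo "umask 0000:           $(mode_under_umask "$work" 0000)"
    echo "default ACL, umask 0: $(mode_with_default_acl "$work")"
    rm -rf "$work"
}

demo
```

A 666 result under a supposedly strict umask means the process replaced the inherited umask before creating the file; the default ACL caps the mode regardless of what umask the daemon ends up with.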