Project

General

Profile

Actions
Copy link

Bug #5229

closed

Bug #5172: ncf-api does not run as root and cannot use command to read/write promises

Bug #5194: correct permission on /var/rudder/configuration-repository so ncf-builder can write/delete techniques

ncf-api needs to adjust permissions on .git

Added by Nicolas PERRON almost 10 years ago. Updated almost 10 years ago.

Status:
Released
Priority:
1
Assignee:
Jonathan CLARKE
Category:
-
Target version:
2.11.0~rc1
Pull Request:
https://github.com/Normation/rudder-p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

In the rudder-webapp postinst, the use of the command "git commit -m 'initial commit'" create a file with mode 644, which is the default mode. It leads to an error with ncf post-hook since the previous command create the file 'COMMIT_EDITMSG' :

root@rudder-snapshot:/var/rudder/configuration-repository# tail /var/log/apache2/error.log
[...]
[Mon Jul 07 11:33:05 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
[Mon Jul 07 11:33:29 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
[Mon Jul 07 11:47:01 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf

To ensure that no other file could be created during the postinst, we should add permissions to group recursively on all .git.

Actions
Copy link
 #1

Updated by Nicolas PERRON almost 10 years ago

Adjust permissions on .git/COMMIT_EDITMSG should suffice but it would be more prudent to ensure that all files under .git have the righ group permissions.

Actions
Copy link
 #2

Updated by Nicolas PERRON almost 10 years ago

  • Status changed from New to Pending technical review
  • Assignee changed from Nicolas PERRON to Jonathan CLARKE
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/440

PR URL: https://github.com/Normation/rudder-packages/pull/440

Jon, could you review it please ?

Actions
Copy link
 #3

Updated by Nicolas PERRON almost 10 years ago

  • Status changed from Pending technical review to Pending release

Applied in changeset packages:commit:f98ef427ae33fc42ced944b1c375f26937a46784.

Actions
Copy link
 #4

Updated by Nicolas CHARLES almost 10 years ago

Applied in changeset packages:commit:f6126b72227e904f0ba0639ebdb1d397bf755edf.

Actions
Copy link
 #5

Updated by Vincent MEMBRÉ almost 10 years ago

  • Parent task set to #5194
Actions
Copy link
 #6

Updated by Vincent MEMBRÉ almost 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.0~rc1 (announcement , changelog), which was released today.

Actions
Copy link
 #7

Updated by François ARMAND 3 months ago

  • Related to Bug #23920: Lift Async system is not able to find spring SecurityContextHolder added
Actions
Copy link
 #8

Updated by François ARMAND 3 months ago

  • Related to deleted (Bug #23920: Lift Async system is not able to find spring SecurityContextHolder)
Actions
Copy link

Also available in: Atom PDF