[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cobbler-devel
Subject:    cobblerd and umask(0) (#535)
From:       slabanja () chalmers ! se (Mattias Slabanja)
Date:       2009-11-23 17:34:54
Message-ID: 4B0AC7BE.7040905 () chalmers ! se
[Download RAW message or body]


Hi.

I noted that cobblerd is running with umask(0) and hence are creating
files that are world writable (e.g. files under /tftboot/ or config
files under /etc/ such as rsyncd.conf).
IMHO that is wrong. Files should not be created world writable as
default, so I created a ticket for it, #535.

As a tentative fix, I simply removed os.umask(0) from scripts/cobblerd,
which restored the umask for cobblerd to root-default (typically 022).
However, that had the side effect that mod_python (which is invoked by
apache) failed due to file permissions since service.py import utils.py
which unconditionally tries to create a clogger.Logger-object using
/var/log/clobber/clobber.log as default log file (which, when no longer
world writable, is not writable by apache).

Just to be more clear, I have made my own temporary work around for
the issue available at http://github.com/slabanja/cobbler/commits/slabanja/.
The work around, as it is, is maybe not suitable as a patch though.

Questions:

* Were/are there any special reason for having cobblerd running with
umask=0?

* Does (the mod_python invoked) service.py really need the
clogger.Logger-object that is created in utils.py? Or could the creation
simply be conditionally left out for e.g. mod_python running as apache?



Best regards,
Mattias


[prev in list] [next in list] [prev in thread] [next in thread]