Bug #21419

Reverse logic of setfacl_etc_dhcp and setfacl_var_lib_dhcp

Added by Lukas Pramuk over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

setfacl installer code is working but with reverse logic, see:

1. Set ACL

    setfacl -R -m u:foreman-proxy:rx /var/lib/dhcpd /etc/dhcp
    satellite-installer -v
    ...
    [ WARN 2017-10-22 06:48:16 verbose] /Stage[main]/Foreman_proxy::Proxydhcp/Exec[setfacl_etc_dhcp]/returns: executed successfully
    [ WARN 2017-10-22 06:48:16 verbose] /Stage[main]/Dhcp/Concat[/etc/dhcp/dhcpd.conf]/File[/etc/dhcp/dhcpd.conf]/mode: mode changed '0654' to '0644'
    [ INFO 2017-10-22 06:48:16 verbose] Concat[/etc/dhcp/dhcpd.conf]: Scheduling refresh of Service[dhcpd]
    ...

When the ACL is present, the installer sets it!!!

2. Remove ACL

    setfacl -R -x u:foreman-proxy /var/lib/dhcpd /etc/dhcp
    satellite-installer -v
    ...
    <no exec of setfacl_etc_dhcp>
    ...

When the ACL is not set, the installer doesn't set it!!!

Moreover, setfacl_var_lib_dhcp has a typo!!!

onlyif  => "getfacl -p /var/lib/dhcp | grep user:${::foreman_proxy::user}:r-x" 

/var/lib/dhcp doesn't exist; it should be /var/lib/dhcpd


Related issues

Related to Installer - Bug #20683: Upgrade of dhcpd always breaks permissions (Closed, 2017-08-21)

Associated revisions

Revision 9041338d (diff)
Added by Ewoud Kohl van Wijngaarden over 4 years ago

Fixes #21419 - Fix DHCP directory ACLs

Due to the onlyif this was never executed. There was also a typo in the
/var/lib/dhcp path. By using a loop we can use a variable that prevents
this mismatch.

Spotted by Lukas Pramuk
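
The guard inversion reported in this ticket and the loop fix described in the commit message, as an added shell example that is not the project's Puppet code. The helper names `has_rx`, `would_run` and `ensure_acl` are hypothetical, the getfacl output is constructed, and `would_run` only emulates Puppet's `onlyif`/`unless` semantics.

```shell
#!/bin/sh
# Added example, not the project's code. The getfacl output below is constructed.
ACL_PRESENT='# file: /etc/dhcp
user::rwx
user:foreman-proxy:r-x
group::r-x
mask::r-x
other::r-x'
ACL_ABSENT='# file: /etc/dhcp
user::rwx
group::r-x
other::r-x'

# has_rx USER: succeed if the getfacl output on stdin grants USER r-x.
has_rx() { grep -q "^user:$1:r-x"; }

# would_run GUARD USER: emulate Puppet's exec guards against getfacl output
# on stdin. onlyif runs the command when the check exits 0; unless runs it
# when the check exits non-zero. Prints "run" or "skip".
would_run() {
    if has_rx "$2"; then check=0; else check=1; fi
    case "$1" in
        onlyif) if [ "$check" -eq 0 ]; then echo run; else echo skip; fi ;;
        unless) if [ "$check" -ne 0 ]; then echo run; else echo skip; fi ;;
        *) return 2 ;;
    esac
}

# ensure_acl USER DIR...: idempotent grant. One loop variable feeds both the
# check and the command, so the two paths cannot drift apart, and a
# directory that does not exist is reported instead of silently skipped.
ensure_acl() {
    user=$1; shift; rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "no such directory: $dir" >&2; rc=1; continue
        fi
        getfacl -p "$dir" 2>/dev/null | has_rx "$user" \
            || setfacl -R -m "u:$user:rx" "$dir" || rc=1
    done
    return "$rc"
}
```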

History

#1 Updated by The Foreman Bot over 4 years ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/386 added

#2 Updated by Lukas Pramuk over 4 years ago

  • Bugzilla link set to 1477545

#3 Updated by Lukas Pramuk over 4 years ago

  • Related to Bug #20683: Upgrade of dhcpd always breaks permissions added

#4 Updated by Ewoud Kohl van Wijngaarden over 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed
