Bug #36808
closed
katello-tracer-upload: command not found when executed via remote execution using effective user other than root.
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1937203
Description of problem:
Tracer job fails with the following error when executed via remote execution using an effective user other than root
~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~
Version-Release number of selected component (if applicable):
Satellite 6.8.3
How reproducible:
Steps to Reproduce:
1. Setup the remote execution using the following document for a non-root user.
https://access.redhat.com/solutions/2650071
2. Go to administer > Settings > Remote execution > Change Effective user to non-root user configured in step 1.
3. Update a few packages on the client connected to the satellite.
4. Now go the host > Content Host > open the host on which packages are updated > Traces > Select service which needs restart > Restart Selected
5. The job will fail with the error command not found.
Actual results:
The job fails with the following error.
~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~
Expected results:
The job should complete with the exit status 0.
Additional info:
The reason for failure when the effective user is other than the root is the binary location of the katello-tracer-upload command which is /usr/sbin. To execute any binary from /sbin or /usr/sbin, root privileges are required.
Solution 1 -
- Change the location of binary to /usr/bin so that any user with access privileges can execute it.
Solution 2-
- When we try to restart the service using traces, it runs the following commands.
~~
sudo systemctl restart chronyd
katello-tracer-upload
~~
- As you can see, the katello-tracer-upload is executing without sudo but the restart service is running with the sudo privileges.
- If we make the katello-tracer-upload command run with sudo, then any non-root user can run it. This is easily achievable by simply editing the "Restart Services - Katello SSH Default" template. I managed to work around the issue by editing the template as follows.
~~
<%
commands = input(:helper).split(',').map { |split| split.strip }
reboot = commands.delete('reboot')>~~
<= commands.join("\n") >
sudo katello-tracer-upload
< if reboot ->
<= render_template('Power Action - SSH Default', action: 'restart') >
< end %>
Just added the sudo in line number 6. This will work with root user also but not sure whether this acceptable approach or not.
Updated by The Foreman Bot about 1 year ago
- Status changed from New to Ready For Testing
- Assignee set to Jeremy Lenz
- Pull request https://github.com/Katello/katello/pull/10762 added
Updated by Jeremy Lenz about 1 year ago
- Subject changed from katello-tracer-upload: command not found when executed via remote execution using effective user other than root. to katello-tracer-upload: command not found when executed via remote execution using effective user other than root.
- Target version set to Katello 4.11.0
- Difficulty set to trivial
- Triaged changed from No to Yes
Updated by The Foreman Bot about 1 year ago
- Fixed in Releases Katello 4.11.0 added
Updated by Jeremy Lenz about 1 year ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|f310056e74107c68ee7a290c9d74281c553b3e00.