Project

General

Profile

Actions

Bug #36808

closed

katello-tracer-upload: command not found when executed via remote execution using effective user other than root.

Added by Jeremy Lenz 9 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
katello-tracer
Target version:
Difficulty:
trivial
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1937203

Description of problem:

Tracer job fails with the following error when executed via remote execution using an effective user other than root
~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~

Version-Release number of selected component (if applicable):

Satellite 6.8.3

How reproducible:

Steps to Reproduce:

1. Setup the remote execution using the following document for a non-root user.
https://access.redhat.com/solutions/2650071
2. Go to administer > Settings > Remote execution > Change Effective user to non-root user configured in step 1.
3. Update a few packages on the client connected to the satellite.
4. Now go the host > Content Host > open the host on which packages are updated > Traces > Select service which needs restart > Restart Selected
5. The job will fail with the error command not found.

Actual results:

The job fails with the following error.
~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~

Expected results:

The job should complete with the exit status 0.

Additional info:

The reason for failure when the effective user is other than the root is the binary location of the katello-tracer-upload command which is /usr/sbin. To execute any binary from /sbin or /usr/sbin, root privileges are required.

Solution 1 -

- Change the location of binary to /usr/bin so that any user with access privileges can execute it.

Solution 2-

- When we try to restart the service using traces, it runs the following commands.
~~
sudo systemctl restart chronyd
katello-tracer-upload
~~

- As you can see, the katello-tracer-upload is executing without sudo but the restart service is running with the sudo privileges.

- If we make the katello-tracer-upload command run with sudo, then any non-root user can run it. This is easily achievable by simply editing the "Restart Services - Katello SSH Default" template. I managed to work around the issue by editing the template as follows.
~~
<%
commands = input(:helper).split(',').map { |split| split.strip }
reboot = commands.delete('reboot')
>
<
= commands.join("\n") >
sudo katello-tracer-upload
<
if reboot ->
<
= render_template('Power Action - SSH Default', action: 'restart') >
<
end %>
~~
Just added the sudo in line number 6. This will work with root user also but not sure whether this acceptable approach or not.

Actions #1

Updated by The Foreman Bot 9 months ago

  • Status changed from New to Ready For Testing
  • Assignee set to Jeremy Lenz
  • Pull request https://github.com/Katello/katello/pull/10762 added
Actions #2

Updated by Jeremy Lenz 9 months ago

  • Subject changed from katello-tracer-upload: command not found when executed via remote execution using effective user other than root. to katello-tracer-upload: command not found when executed via remote execution using effective user other than root.
  • Target version set to Katello 4.11.0
  • Difficulty set to trivial
  • Triaged changed from No to Yes
Actions #3

Updated by Jeremy Lenz 9 months ago

  • Category set to katello-tracer
Actions #4

Updated by The Foreman Bot 9 months ago

  • Fixed in Releases Katello 4.11.0 added
Actions #5

Updated by Jeremy Lenz 9 months ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF