Project

General

Profile

Actions

Bug #37130

closed

Installer doesn't set correct permissions of /pub/ files

Added by Eric Helms 3 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
-

Description

Installer doesn't set correct permissions of /pub/ files

When running the installer on a fresh system, some of the contents of the /pub directory are not accessible. Trying to download the consumer RPM from "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm" results in a "403 Forbidden" error. From looking at the file on the system, it seems like the installer is not setting to correct permissions on the files it generated. There isn't read access for the "apache" user:

  1. ll a /var/www/html/pub
    total 120
    drwxr-xr-x. 2 apache apache 4096 Dec 6 01:37 .
    drwxr-xr-x. 3 root root 82 Dec 5 01:28 ..
    -rw-r--r-
    . 1 root root 74211 Apr 26 2022 bootstrap.py
    rw------. 1 root root 12056 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
    rw------. 1 root root 11312 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.src.rpm
    lrwxrwxrwx. 1 root root 94 Nov 30 17:40 katello-ca-consumer-latest.noarch.rpm > /var/www/html/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
    -rwx-----
    . 1 root root 8240 Nov 30 17:40 katello-rhsm-consumer
    rw-r--r-. 1 root root 2706 Nov 30 17:40 katello-server-ca.crt

It seems to be using the default umask for the system:

  1. umask
    0077

This can be fixed by adding global read access to the files, but it seems like the installer should be doing this.

Reproducible: Always

Steps to Reproduce:
1. Start with a fresh system
2. Have the umask set to 0077
3. Run `satellite-installer --scenario satellite`
4. Try to access "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm"
Actual Results:
"403 Forbidden" error

Expected Results:
RPM file is downloaded

Actions #1

Updated by The Foreman Bot 3 months ago

  • Status changed from New to Ready For Testing
  • Assignee set to Eric Helms
  • Pull request https://github.com/theforeman/puppet-foreman_proxy_content/pull/471 added
Actions #2

Updated by The Foreman Bot 3 months ago

  • Fixed in Releases 3.10.0 added
Actions #3

Updated by Eric Helms 3 months ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by The Foreman Bot 2 months ago

  • Pull request https://github.com/theforeman/puppet-foreman_proxy_content/pull/472 added
Actions #5

Updated by The Foreman Bot about 2 months ago

  • Pull request https://github.com/theforeman/puppet-foreman_proxy_content/pull/477 added
Actions

Also available in: Atom PDF