[Pkg-ganeti-devel] Bug#613648: Bug#613648: ganeti2: Wrong permissions for /var/lock after "gnt-node add"
Iustin Pop
iustin at debian.org
Wed Feb 16 15:13:47 UTC 2011
On Wed, Feb 16, 2011 at 01:29:16PM +0100, Ronny Lindner wrote:
> Package: ganeti2
> Version: 2.1.6-1
> Severity: critical
> Tags: patch upstream
> Justification: breaks unrelated software
>
>
> The command "gnt-node add" changes the permissions of /var/lock to "d-wxrwS--t"
> (3661 octal, 1777 decimal!). Other programs are not able to create a lockfile
> anymore. That was tested with logcheck, which did not work after adding a
> ganeti node.
>
> The fix is really simple: there are 3 occurences of 1777 in
> /usr/sbin/ganeti-confd and /usr/sbin/ganeti-noded . They must be changed to
> 01777 .
Thanks for the fix. Will prepare a package and sent for stable update.
On Wed, Feb 16, 2011 at 02:54:39PM +0100, Ronny Lindner wrote:
> I attached another patch against the source package of ganeti.
>
> Cu, Ronny
> --- daemons/ensure-dirs.in 2011-02-16 14:27:07.000000000 +0100
> +++ daemons/ensure-dirs.in.new 2011-02-16 14:42:37.000000000 +0100
> @@ -138,7 +138,7 @@
> }
>
> _ensure_lockdir() {
> - _ensure_dir ${LOCKDIR} 1777 ""
> + _ensure_dir ${LOCKDIR} 01777 ""
Actually, this is wrong. _ensure_dir uses chown, and chown always uses
octal (“A numeric mode is from one to four octal digits (0-7)”); so
5 digits is wrong…
Speaking as upstream, will review the rest of the code to make sure we
don't have this issue in other places. And sorry for this bug!
thanks,
iustin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ganeti-devel/attachments/20110216/a3d966f1/attachment.pgp>
More information about the Pkg-ganeti-devel
mailing list