Project

General

Profile

Bug #12303

Time settings directive configuration not accessible to non-root users

Added by Rob Pomeroy 9 months ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
79

Description

Consistently on several Ubuntu 16.04 servers, the "Time settings version 3.2" directive sets the timezone correctly for the root user, but not for other users.

Here's an example of a server, which Rudder claims is fully compliant:

rob.pomeroy@webdbb2:~$ date
Wed Mar 28 16:15:14 UTC 2018
rob.pomeroy@webdbb2:~$ sudo date
Wed Mar 28 17:15:20 BST 2018
rob.pomeroy@webdbb2:~$ cat /etc/timezone
Europe/London

This server is configured to timezone Europe/London, which is currently on daylight saving time (British Summer Time).

Running dpkg-reconfigure -f noninteractive tzdata fixes the problem for all users. So clearly, it does something that the Rudder directive misses. The other command that's popular on Ubuntu, "timedatectl set-timezone Europe/London" , does not fix the problem.

Note: we're not setting TZ in profiles or bashrcs, or anything like that.

Associated revisions

Revision 2e304632 (diff)
Added by Félix DALLIDET 8 months ago

Fixes #12303: Time settings directive configuration not accessible to non-root users

History

#1 Updated by Rob Pomeroy 9 months ago

Forgot to say: this is seen on Rudder server version 4.1.9, Rudder agent 4.1.10-xenial0 (CFEngine Core 3.10.3).

#2 Updated by François ARMAND 8 months ago

  • Subject changed from Time settings directive not global with Ubuntu 16 to Time settings directive configuration not accessible to non-root users
  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques
  • Effort required set to Very Small
  • Priority changed from 0 to 79

On the mailing list, it was proposed that it may be due to bad rights on file: "sounds like the file is not readable for non root users? Maybe the umask and copy file promise makes the resulting file 600?"

If it is the problème, it should be very easy to correct that.

#3 Updated by François ARMAND 8 months ago

  • Category set to Techniques
  • Assignee set to Félix DALLIDET
  • Target version set to 4.1.11

#4 Updated by Félix DALLIDET 8 months ago

  • Category deleted (Techniques)
  • Assignee deleted (Félix DALLIDET)
  • Target version deleted (4.1.11)

I was not able to reproduce the problem. I tried with same agent/server version on a fresh ubuntu 16.04.
The technique does not change/enforce the rights on the timezone file, maybe another program changed it?

The problem seems to come from the /etc/localtime setup which does a hard copy and not a symlink.

#5 Updated by Félix DALLIDET 8 months ago

  • Category set to Techniques
  • Assignee set to Félix DALLIDET
  • Target version set to 4.1.11

#6 Updated by Félix DALLIDET 8 months ago

  • Status changed from New to In progress

#7 Updated by Félix DALLIDET 8 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Félix DALLIDET to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1276

#8 Updated by Félix DALLIDET 8 months ago

  • Status changed from Pending technical review to Pending release

#9 Updated by Alexis MOUSSET 8 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.11, 4.2.5 and 4.3.0~rc3 which were released today.

Also available in: Atom PDF