Bug #13937
open
Permission broken in /var/rudder/conf-repo/ncf/{hooks.d, 50_tech}
Description
During normal usage of Rudder, the permissions of two directories under conf-repo/ncf were changed to root/root.
We don't have identified what was the process that lead to the change.
We observe it regularly so that we are pretty sure there is a bug, but an infrequent one, perhaps due to some race conditions.
We need to find the root cause of that, or at least find a workaround to correct it.
A very small workaround may be to launch the "set permission" script at each run.
A better correction would be to set up probes to be able to debug what is the root cause of the problem.
Updated by François ARMAND over 5 years ago
More preciselly:
- it was on rudder 5.0.2 but happened before.
- it happens during normal use of the technique editor (not after a restart or a VM wake up...)
- both owner and rights were changed (root:root and bad rights)
It can't be the technique editor because it does not have root rights. So, it could be:
- the agent (cf-agent or cf-promises),
- the webapp,
- a cron.
It is very unliklly linked to packaging because it was well after installation.
First step: list all the thing touching these path.
If the case happens again, please snapshot the corresponding VM for forensic!
Updated by François ARMAND over 5 years ago
- Effort required deleted (
Very Small) - Priority changed from 70 to 41
We choose to not had a workaround to try to find the root cause, but we didn't saw the problem since, so we don't even know what log we could add to try to find the cause.
Waiting for more information for that one.
Updated by Alexis Mousset about 2 years ago
- Priority changed from 41 to 35
we could try to remove the workaround now that the implemention is replaced.