Project

General

Profile

Actions

Bug #17911

closed

/opt/rudder/etc/htpasswd-webdav-initial incorrect permissions

Added by Richard Harvey over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
System integration
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
32
Name check:
To do
Fix check:
To do
Regression:

Description

Hi there,

I've upgraded from 5.0.16 to 6.1.1 and couldn't add a new host (all previously added hosts were working fine).

Rudder agent was failing on
/usr/bin/curl --tlsv1.2 --location --insecure --fail --silent --proxy '' --user rudder:rudder --upload-file /var/rudder/inventories/[OCS.sign file name].ocs.sign https://[server]/inventories/

Receiving an error 500, server side the following apache error was showing
[authn_file:error] [pid 35972:tid 139700698334976] (13)Permission denied: [client [serverIP]:50816] AH01620: Could not open password file: /opt/rudder/etc/htpasswd-webdav-initial

File existed but was owned by root 600

It's entirely possible this occured in previous version 5 upgrades as I haven't added a new host for a while.

Actions #1

Updated by Richard Harvey over 3 years ago

Changing owner to www-data resolved the issue.

Actions #2

Updated by François ARMAND over 3 years ago

Hello, thanks for reporting.

A normal install has the following rights:

-rw-r-----.  1 root www-data 45  3 juil. 18:15 htpasswd-webdav
-rw-r--r--.  1 root root     45  3 juil. 18:13 htpasswd-webdav-initial

So the problem seems to be more the 600 that the file owner.

What distribution are you using? (debian based given www-data ?)

Actions #3

Updated by Richard Harvey over 3 years ago

  • Subject changed from /opt/rudder/etc/htpasswd-webdav-initial not owned by www-data after upgrade to /opt/rudder/etc/htpasswd-webdav-initial incorrect permissions

François ARMAND wrote in #note-2:

Hello, thanks for reporting.

A normal install has the following rights:

[...]

So the problem seems to be more the 600 that the file owner.

What distribution are you using? (debian based given www-data ?)

Correct, Debian 10. I have corrected ownership/permissions to what you've suggested should be default. The other file was totally fine in regards to ownership/permissions.

Thanks

Actions #4

Updated by François ARMAND over 3 years ago

  • Category set to System integration
  • Target version set to 5.0.18
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 32

OK, I tried also with debian 10 from 6.0 to 6.1 and rights are ok, so it may come from before that, even if I don't know if the problem is in 5.0 or in how 6.1 handle migration from it.

Actions #5

Updated by François ARMAND over 3 years ago

  • Status changed from New to Resolved

I can confirm that upgrading debian10 from 6.0 to 6.1 lead to correct rights on that file. Since 5.0 is EOL, I'm closing that ticket. Of course, if anybody see that problem again, please feel free to reopen the ticket or a new one.

Actions

Also available in: Atom PDF