Actions
Bug #27957
closed
Ensure correct permissions for extracted file in HTTP update
Bug #27957:
Ensure correct permissions for extracted file in HTTP update
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
Currently some file shave r perms for group, preventing cf-execd start:
Nov 30 21:11:20 nrm-vir-devtools-01 systemd[1]: Started rudder-cf-execd.service - CFEngine Execution Scheduler. Nov 30 21:11:20 nrm-vir-devtools-01 cf-execd[57151]: error: File /var/rudder/ncf/local/30_generic_methods/registry_entry_absent.cf (owner 0) is writable by others (security exception) Nov 30 21:11:20 nrm-vir-devtools-01 cf-execd[57151]: File /var/rudder/ncf/local/30_generic_methods/registry_entry_absent.cf (owner 0) is writable by others (security exception) Nov 30 21:11:20 nrm-vir-devtools-01 systemd[1]: rudder-cf-execd.service: Main process exited, code=exited, status=1/FAILURE Nov 30 21:11:20 nrm-vir-devtools-01 systemd[1]: rudder-cf-execd.service: Failed with result 'exit-code'.
Updated by Alexis Mousset 4 months ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset 4 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-agent/pull/447
Updated by Alexis Mousset 4 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-agent|d35f75fca6f76a7a236973af608be99746facbbd.
Updated by Alexis Mousset 4 months ago
- Subject changed from Ensure correct permissions for extarcted file in HTTP update to Ensure correct permissions for extracted file in HTTP update
Updated by Alexis Mousset 4 months ago
- Fix check changed from To do to Checked
root@agent1:~# ls -ahl /var/rudder/ncf/local/30_generic_methods/ total 88K drwx------ 2 root root 4.0K Dec 9 09:33 . drwx------ 3 root root 4.0K Dec 9 09:35 .. -rw------- 1 root root 2.3K Dec 9 09:33 audit_from_powershell_execution.cf -rw------- 1 root root 1.4K Dec 9 09:33 dsc_apply.cf -rw------- 1 root root 1.7K Dec 9 09:33 dsc_built_in_resource.cf -rw------- 1 root root 3.4K Dec 9 09:33 dsc_from_configuration.cf -rw------- 1 root root 1.4K Dec 9 09:33 dsc_mof_file_apply.cf -rw------- 1 root root 2.4K Dec 9 09:33 package_state_windows.cf -rw------- 1 root root 2.0K Dec 9 09:33 permissions_ntfs.cf -rw------- 1 root root 2.6K Dec 9 09:33 powershell_execution.cf -rw------- 1 root root 1.1K Dec 9 09:33 registry_entry_absent.cf -rw------- 1 root root 1.5K Dec 9 09:33 registry_entry_present.cf -rw------- 1 root root 934 Dec 9 09:33 registry_key_absent.cf -rw------- 1 root root 977 Dec 9 09:33 registry_key_present.cf -rw------- 1 root root 411 Dec 9 09:33 service_status.cf -rw------- 1 root root 1.8K Dec 9 09:33 user_in_local_group.cf -rw------- 1 root root 1.4K Dec 9 09:33 user_password_clear.cf -rw------- 1 root root 389 Dec 9 09:33 user_status.cf -rw------- 1 root root 1.3K Dec 9 09:33 windows_component_absent.cf -rw------- 1 root root 1.3K Dec 9 09:33 windows_component_present.cf -rw------- 1 root root 1.3K Dec 9 09:33 windows_hotfix_absent.cf -rw------- 1 root root 1.4K Dec 9 09:33 windows_hotfix_present.cf
root@agent1:~# systemctl status rudder-cf-execd
● rudder-cf-execd.service - CFEngine Execution Scheduler
Loaded: loaded (/lib/systemd/system/rudder-cf-execd.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-12-09 09:21:46 UTC; 14min ago
Main PID: 438 (cf-execd)
Tasks: 1 (limit: 4645)
Memory: 22.5M
CPU: 2.736s
CGroup: /system.slice/rudder-cf-execd.service
└─438 /opt/rudder/bin/cf-execd --no-fork
Dec 09 09:21:46 agent1 systemd[1]: Started rudder-cf-execd.service - CFEngine Execution Scheduler.
Updated by Vincent MEMBRÉ 4 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 9.0.2 which was released today.
Actions