Bug #5172: ncf-api does not run as root and cannot use command to read/write promises - Rudder - Issue Tracker

Actions

Bug #5172

closed

ncf-api does not run as root and cannot use command to read/write promises

Added by Vincent MEMBRÉ almost 10 years ago. Updated almost 10 years ago.

Status:

Released

Priority:

N/A

Assignee:

Jonathan CLARKE

Category:

System integration

Target version:

Pull Request:

https://github.com/Normation/rudder-p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

ncf-api cannot write or read completetly data from techniques:

Since it's run as apache user you can't run cf-promises from /var/rudder/cfengine-community/bin, not run as root hooks from ncf-hooks.d

Several ways:

run the app as root
add commands in path and use sudo, modify sudoer so that user apache can use it

Subtasks 7 (0 open — 7 closed)

	Bug #5194: correct permission on /var/rudder/configuration-repository so ncf-builder can write/delete techniques	Released	Jonathan CLARKE	2014-07-03			Actions
	Bug #5209: Some issues on perms still persists even with shared repository	Released	Vincent MEMBRÉ	2014-07-03			Actions
	Bug #5220: The package rudder-webapp enforce mode of all files/folder under /var/rudder/configuration-files into '2775'	Released	Jonathan CLARKE	2014-07-04			Actions
	Bug #5212: The group 'rudder' can't be added on SLES or RHEL during installation of rudder-webapp	Released	Jonathan CLARKE	2016-11-14			Actions
	Bug #9674: Wrong group parameter during installation of rudder-webapp	Released	Alexis Mousset	2016-11-14			Actions
	Bug #5229: ncf-api needs to adjust permissions on .git	Released	Jonathan CLARKE	2014-07-07			Actions
	Bug #5227: rudder-webapp fails with chmod in its postinst as bashism does not work	Released	Jonathan CLARKE	2014-07-07			Actions

Actions

#1

Updated by Vincent MEMBRÉ almost 10 years ago

Description updated (diff)

We can't run a wsgi application as root.

We need to find a way to run cf-promises as apache without being root

Is it possible to force running a program as root ?

About ncf hooks, We could set a group rudder on /var/rudder/configuration-repository, and add apache user in rudder group

Actions

#2

Updated by Matthieu CERDA almost 10 years ago

Project changed from 41 to 34
Status changed from New to In progress
Assignee changed from Vincent MEMBRÉ to Matthieu CERDA

Actions

#3

Updated by Matthieu CERDA almost 10 years ago

Target version set to 2.11.0~beta2

We are going to make the api wsgi run as user ncf, to eventually add it to a rudder group, having the access rights to the necessary directories :)

Actions

#4

Updated by Matthieu CERDA almost 10 years ago

Status changed from In progress to Pending technical review
Assignee changed from Matthieu CERDA to Jonathan CLARKE
% Done changed from 0 to 100
Pull Request set to https://github.com/Normation/rudder-packages/pull/422

PR is ready !

Actions

#5

Updated by Vincent MEMBRÉ almost 10 years ago

Target version changed from 2.11.0~beta2 to 2.11.0~rc1

Actions

#6

Updated by Matthieu CERDA almost 10 years ago

Status changed from Pending technical review to Pending release

Applied in changeset commit:a6e277e97ff1889fc0dfbe92a08f9358e5f2a991.

Actions

#7

Updated by Jonathan CLARKE almost 10 years ago

Applied in changeset commit:8964eb01b1f032ba924d090535c2af3ec6e8b149.

Actions

#8

Updated by Vincent MEMBRÉ almost 10 years ago

Project changed from 34 to Rudder
Category set to System integration

Actions

#9

Updated by Vincent MEMBRÉ almost 10 years ago

Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.0~rc1 (announcement , changelog), which was released today.

Download information: https://www.rudder-project.org/site/get-rudder/downloads/

Actions

Also available in: Atom PDF