Bug #5229: ncf-api needs to adjust permissions on .git - Rudder - Issue Tracker

Actions

Copy link

Bug #5229

closed

Bug #5172: ncf-api does not run as root and cannot use command to read/write promises

Bug #5194: correct permission on /var/rudder/configuration-repository so ncf-builder can write/delete techniques

ncf-api needs to adjust permissions on .git

Added by Nicolas PERRON over 10 years ago. Updated over 10 years ago.

Status:

Released

Priority:

1 (highest)

Assignee:

Jonathan CLARKE

Category:

Target version:

2.11.0~rc1

Pull Request:

https://github.com/Normation/rudder-p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

In the rudder-webapp postinst, the use of the command "git commit -m 'initial commit'" create a file with mode 644, which is the default mode. It leads to an error with ncf post-hook since the previous command create the file 'COMMIT_EDITMSG' :

root@rudder-snapshot:/var/rudder/configuration-repository# tail /var/log/apache2/error.log
[...]
[Mon Jul 07 11:33:05 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
[Mon Jul 07 11:33:29 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
[Mon Jul 07 11:47:01 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf

To ensure that no other file could be created during the postinst, we should add permissions to group recursively on all .git.

Actions

Copy link

Updated by Nicolas PERRON over 10 years ago

Adjust permissions on .git/COMMIT_EDITMSG should suffice but it would be more prudent to ensure that all files under .git have the righ group permissions.

Actions

Copy link