Project

General

Profile

Actions

Bug #5229

closed

Bug #5172: ncf-api does not run as root and cannot use command to read/write promises

Bug #5194: correct permission on /var/rudder/configuration-repository so ncf-builder can write/delete techniques

ncf-api needs to adjust permissions on .git

Added by Nicolas PERRON over 10 years ago. Updated over 10 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Jonathan CLARKE
Category:
-
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

In the rudder-webapp postinst, the use of the command "git commit -m 'initial commit'" create a file with mode 644, which is the default mode. It leads to an error with ncf post-hook since the previous command create the file 'COMMIT_EDITMSG' :

root@rudder-snapshot:/var/rudder/configuration-repository# tail /var/log/apache2/error.log
[...]
[Mon Jul 07 11:33:05 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
[Mon Jul 07 11:33:29 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
fatal: could not open '.git/COMMIT_EDITMSG': Permission denied
[Mon Jul 07 11:47:01 2014] [error] INFO: Alternative source path added: /var/rudder/configuration-repository/ncf

To ensure that no other file could be created during the postinst, we should add permissions to group recursively on all .git.

Actions

Also available in: Atom PDF