Bug #8065
closed
Added by Alexandre Anriot over 8 years ago.
Updated over 2 years ago.
Category:
System integration
Description
Hello,
As seens with François, if the server as Posix ACL with a "default" type like that:
- file: var/rudder/configuration-repository/.git/objects
- owner: root
- group: rudder
- flags:
s
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
Then on that case, user "ncf-api-venv", belonging to "rudder", does NOT have write rights on Git repos because of "default:group::r-x".
To prevent that case, the installation shoud delete ACL rules with the following command:
setfacl -R -k /var/rudder/
Thanks !
- Subject changed from ACL Posix sur le dépôt Git to ACL Posix on Git repos
- Description updated (diff)
- Translation missing: en.field_tag_list set to Sponsored
- Category set to System integration
- Assignee set to Alexis Mousset
- Target version set to 3.0.15
Alexis,
I think you're the most suited for this one
- Target version changed from 3.0.15 to 3.0.16
Alexandre Anriot wrote:
Hello,
As seens with François, if the server as Posix ACL with a "default" type like that:
- file: var/rudder/configuration-repository/.git/objects
- owner: root
- group: rudder
- flags:
s
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
Then on that case, user "ncf-api-venv", belonging to "rudder", does NOT have write rights on Git repos because of "default:group::r-x".
To prevent that case, the installation shoud delete ACL rules with the following command:
setfacl -R -k /var/rudder/
Thanks !
Thanks for the report, Alex. We'll implement this command on initial installation only (then, if a user modifies their ACLs, they can, if they know what they're doing).
- Translation missing: en.field_tag_list changed from Sponsored to Sponsored, Next minor release
- Target version changed from 3.0.16 to 2.11.21
- Status changed from New to In progress
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/916
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.21, 3.0.16, 3.1.10 and 3.2.3 which were released on 2016-06-01, but not announced.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by Jonathan CLARKE 
Updated by