Project

General

Profile

Bug #8181

Error message about setgid on ncf.conf

Added by Alexis MOUSSET about 4 years ago. Updated almost 4 years ago.

Status:
Released
Priority:
N/A
Category:
System techniques
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

During the first run after updating from 3.1.8 to 3.1.9 on SLES:

2016-04-14T16:59:23+0200    error: /default/propagatePromises/files/'/var/rudder/configuration-repository/ncf/ncf.conf'[0]: NEW SETGID root PROGRAM '/var/rudder/configuration-repository/ncf/ncf.conf'
#1

Updated by Jonathan CLARKE about 4 years ago

This happens because cf-agent keeps a log of all known SETUID/SETGID files it copies, and this is the first time it's seen ncf.conf as a SETGID file. As a matter of fact we contributed a patch to CFEngine to make these messages no longer "error" but "warning" instead (see https://github.com/cfengine/core/pull/2581) which will be available in the next patch release of CFEngine 3.7.

However, ncf.conf doesn't need to be SETGID. These lines in rudder-webapp's postinst script set SITGID a bit too liberally. We need SETGID on the /var/rudder/configuration-repository/{ncf,techniques} directories so that all files created there belong to the rudder group, so that ncf-api and others can read/write them. But we don't need it on files (the SETGID bit on files is only useful for executables, and there shouldn't be any there except for the ncf-api hooks).

#2

Updated by Jonathan CLARKE about 4 years ago

  • Target version changed from 3.1.10 to 2.11.21
#3

Updated by Jonathan CLARKE about 4 years ago

  • Subject changed from setgid on ncf.conf to Error message about setgid on ncf.conf
#4

Updated by Jonathan CLARKE about 4 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
#5

Updated by Jonathan CLARKE about 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/936
#6

Updated by Jonathan CLARKE about 4 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
#7

Updated by Vincent MEMBRÉ almost 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.21, 3.0.16, 3.1.10 and 3.2.3 which were released on 2016-06-01, but not announced.

Also available in: Atom PDF