Project

General

Profile

Actions

Bug #8181

closed

Error message about setgid on ncf.conf

Added by Alexis Mousset almost 8 years ago. Updated almost 8 years ago.

Status:
Released
Priority:
N/A
Category:
System techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

During the first run after updating from 3.1.8 to 3.1.9 on SLES:

2016-04-14T16:59:23+0200    error: /default/propagatePromises/files/'/var/rudder/configuration-repository/ncf/ncf.conf'[0]: NEW SETGID root PROGRAM '/var/rudder/configuration-repository/ncf/ncf.conf'
Actions #1

Updated by Jonathan CLARKE almost 8 years ago

This happens because cf-agent keeps a log of all known SETUID/SETGID files it copies, and this is the first time it's seen ncf.conf as a SETGID file. As a matter of fact we contributed a patch to CFEngine to make these messages no longer "error" but "warning" instead (see https://github.com/cfengine/core/pull/2581) which will be available in the next patch release of CFEngine 3.7.

However, ncf.conf doesn't need to be SETGID. These lines in rudder-webapp's postinst script set SITGID a bit too liberally. We need SETGID on the /var/rudder/configuration-repository/{ncf,techniques} directories so that all files created there belong to the rudder group, so that ncf-api and others can read/write them. But we don't need it on files (the SETGID bit on files is only useful for executables, and there shouldn't be any there except for the ncf-api hooks).

Actions #2

Updated by Jonathan CLARKE almost 8 years ago

  • Target version changed from 3.1.10 to 2.11.21
Actions #3

Updated by Jonathan CLARKE almost 8 years ago

  • Subject changed from setgid on ncf.conf to Error message about setgid on ncf.conf
Actions #4

Updated by Jonathan CLARKE almost 8 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions #5

Updated by Jonathan CLARKE almost 8 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/936
Actions #6

Updated by Jonathan CLARKE almost 8 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #7

Updated by Vincent MEMBRÉ almost 8 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.21, 3.0.16, 3.1.10 and 3.2.3 which were released on 2016-06-01, but not announced.

Actions

Also available in: Atom PDF