Open
Bug 652618
Opened 13 years ago
Updated 11 years ago
Saving the params file should not change its owner and group
Categories
(Bugzilla :: Administration, task)
Tracking
()
NEW
People
(Reporter: michael.j.tosh, Unassigned)
Details
Attachments
(1 file)
1.70 KB,
patch
|
mkanat
:
review-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729) Build Identifier: When the params file is rewritten, any time a param is changed, then the group permissions are not set properly. In order to properly set permissions, the user must run checksetup.pl after each change. I have "apache" user running under the "apache" group, but also a member of the "bz-run" group. I have set the webservergroup in localconfig to be "bz-run". I also have a local user account on the system (not my webserver) called "bz-admin", who is a member of "bz-run". For security reasons, we do not run whine.pl or collectstats.pl under the apache user, we instead run them under the bz-admin user. If a change is made to params, then whine.pl and collectstats.pl cannot run. Reproducible: Always The code to correct this problem, in Bugzilla/Install/Filesystem.pm, is only run if Bugzilla->usage_mode == USAGE_MODE_CMDLINE. I would expect that when recreating the params file, an expected change, that the permissions are set correctly.
Without this fix, whine.pl and collectstats.pl need to run as the apache user. With this fix, as long as they are a member of $webservergroup, they can read the params file.
Attachment #565292 -
Flags: review?(LpSolit)
Comment 2•13 years ago
|
||
Comment on attachment 565292 [details] [diff] [review] Code Patch Ver 1 >=== modified file 'Bugzilla/Config.pm' > sub _fix_perms { > # The webserver should never try to chown files. >- if (Bugzilla->usage_mode == USAGE_MODE_CMDLINE) { >+ if (Bugzilla->usage_mode == USAGE_MODE_CMDLINE || $force) { The comment is now wrong with this $force argument. I will let mkanat review this patch.
Attachment #565292 -
Flags: review?(LpSolit) → review?(mkanat)
Comment 3•13 years ago
|
||
Comment on attachment 565292 [details] [diff] [review] Code Patch Ver 1 Review of attachment 565292 [details] [diff] [review]: ----------------------------------------------------------------- The reason that that code is behind USAGE_MODE_CMDLINE is that Apache runs under only one user and one group--it can't normally change ownership on any other file. Also, we usually don't want the owner to change to the current user, when in the webserver, because that owner is Apache. Instead, perhaps we should investigate some way of creating the file with the same permissions as the original file. Perhaps using File::copy would do it.
Attachment #565292 -
Flags: review?(mkanat) → review-
Updated•13 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: params group ownership should be forced → Saving the params file should not change its owner and group
You need to log in
before you can comment on or make changes to this bug.
Description
•