Landscape Client

sources.list rewrite doesn't preserve original permissions

Bug #804548 reported by Andreas Hasenack on 2011-07-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Landscape Client	Fix Released	Medium	Alberto Donato	Landscape Client 11.07.1

Bug Description

With the repository profiles feature, /etc/apt/sources.list gets populated by landscape. Due to the use of mkstemp() and os.rename(), however, the file ends up having too tight permissions: root:root 0600.

The original ownership and permissions of the file, and the ones in sources.list.d (didn't check) should be preserved.

An example of a bad consequence of the tighter permissions can be seen on a desktop system. Pretty soon the user will see a big red "forbidden" icon in the notification area complaining about problems reading sources.list (see attached screenshot).

Tags:

Related branches

lp:~ack/landscape-client/sources.list-preserve-old-permissions

Merged into lp:~landscape/landscape-client/trunk at revision 339

Thomas Herve (community): Approve on 2011-07-06

Kevin McDermott (community): Approve on 2011-07-05

lp:ubuntu/oneiric/landscape-client

lp:~ahasenack/landscape-client/landscape-client-11.07.1.1-0ubuntu0.10.04.0

lp:~ahasenack/landscape-client/landscape-client-11.07.1.1-0ubuntu0.11.04.0

lp:~ahasenack/landscape-client/landscape-client-11.07.1.1-0ubuntu0.10.10.0

lp:ubuntu/lucid-proposed/landscape-client

lp:ubuntu/maverick-proposed/landscape-client

lp:ubuntu/natty-proposed/landscape-client

lp:~landscape/landscape-client/trunk

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2011-07-01:

Untitled window_003.png Edit (28.7 KiB, image/png)

tags:	added: squad-gama theme-repo-management
tags:	added: squad-gamma removed: squad-gama

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2011-07-01:

As a side note, os.rename() doesn't work accross devices, so if /tmp happens to be on a different partition, something common in certain server installations, the operation would fail.

    def _handle_sources(self, ignored, sources):
        """Handle sources repositories."""
        fd, path = tempfile.mkstemp()
(...)
        os.rename(path, self.SOURCES_LIST)

Example:
>>> import os,tempfile
>>> fd,path = tempfile.mkstemp()
>>> os.close(fd)
>>> path
'/tmp/tmp57KbcG'
>>> os.rename(path,"/home/andreas/foo")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 18] Invalid cross-device link
>>>

From the docs at http://docs.python.org/library/os.html?highlight=os.rename#os.rename:
"The operation may fail on some Unix flavors if src and dst are on different filesystems"

Björn Tillenius (bjornt) on 2011-07-04

tags:	added: story-apt-sources removed: theme-repo-management
Changed in landscape-client:
milestone:	backlog → 11.07.1

Alberto Donato (ack) on 2011-07-04

Changed in landscape-client:
status:	New → In Progress
assignee:	nobody → Alberto Donato (ack)

Alberto Donato (ack) on 2011-07-06

Changed in landscape-client:
status:	In Progress → Fix Committed

Revision history for this message

Alberto Donato (ack) wrote on 2011-07-06:

Need to fix ownership as well.

Changed in landscape-client:
status:	Fix Committed → In Progress

Alberto Donato (ack) on 2011-07-07

Changed in landscape-client:
status:	In Progress → Fix Committed

Andreas Hasenack (ahasenack) on 2011-07-26

tags:

added: verified

Revision history for this message

Clint Byrum (clint-fewbar) wrote on 2011-07-27: Please test proposed package

Hello Andreas, or anyone else affected,

Accepted landscape-client into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags:

added: verification-needed

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2011-07-27:

Verified with the landscape-client-11.07.1.1-0ubuntu0.10.04.0 package in lucid-proposed:

root@ls1-lucid:/etc/apt# apt-cache policy landscape-client
landscape-client:
  Installed: 11.07.1.1-0ubuntu0.10.04.0
  Candidate: 11.07.1.1-0ubuntu0.10.04.0
  Version table:
*** 11.07.1.1-0ubuntu0.10.04.0 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
        100 /var/lib/dpkg/status
     11.02-0ubuntu0.10.04.1 0
        500 http://security.ubuntu.com/ubuntu/ lucid-updates/main Packages
     1.5.0.1-0ubuntu0.10.04.0 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages

Permissions mangled to be root:landscape 0755 before, and remained like that after:

# l /etc/apt/sources.list
-rwxr-xr-x 1 root landscape 1.2K 2011-07-27 21:44 /etc/apt/sources.list

Revision history for this message

Chris Halse Rogers (raof) wrote on 2011-07-28:

Thanks for testing!

tags:

added: verification-done
removed: verification-needed

Revision history for this message

Martin Pitt (pitti) wrote on 2011-09-22:

Hello Andreas, or anyone else affected,

Accepted landscape-client into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags:	removed: verification-done
tags:	added: verification-needed

Revision history for this message

Martin Pitt (pitti) wrote on 2011-09-22:

Hello Andreas, or anyone else affected,

Accepted landscape-client into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2011-09-27:

Verified in Maverick and Natty, using the proposed packages, that the permissions and ownership of the sources.list and sources.list.d/* files are preserved after a repository profile is applied.

Andreas Hasenack (ahasenack) on 2011-10-03