[Bug 608623] [NEW] euca-revoke removes the wrong group authorization

Andreas Hasenack andreas at canonical.com
Thu Jul 22 10:13:51 BST 2010 

Public bug reported:

Binary package hint: euca2ools

I have a security group and have authorized traffic from two other
groups to it, "web" and "lds":

andreas at nsn2:~$ euca-describe-groups ssh
GROUP	admin	ssh	Allows 22/tcp from everywhere
PERMISSION	admin	ssh	ALLOWS	tcp	22	22	FROM	CIDR	0.0.0.0/0
PERMISSION	admin	ssh	ALLOWS	tcp	0	65535	GRPNAME	web
PERMISSION	admin	ssh	ALLOWS	udp	0	65535	GRPNAME	web
PERMISSION	admin	ssh	ALLOWS	icmp	-1	-1	GRPNAME	web
PERMISSION	admin	ssh	ALLOWS	tcp	0	65535	GRPNAME	lds
PERMISSION	admin	ssh	ALLOWS	udp	0	65535	GRPNAME	lds
PERMISSION	admin	ssh	ALLOWS	icmp	-1	-1	GRPNAME	lds


Now I remove this authorization for the "lds" group:

andreas at nsn2:~$ euca-revoke -o lds -u admin ssh
GROUP	ssh
PERMISSION	ssh	ALLOWS	USER	admin	GRPNAME	lds


Listing the "ssh" group now shows that the "lds" group is still there and the "web" one was removed instead:

andreas at nsn2:~$ euca-describe-groups ssh
GROUP	admin	ssh	Allows 22/tcp from everywhere
PERMISSION	admin	ssh	ALLOWS	tcp	22	22	FROM	CIDR	0.0.0.0/0
PERMISSION	admin	ssh	ALLOWS	tcp	0	65535	GRPNAME	lds
PERMISSION	admin	ssh	ALLOWS	udp	0	65535	GRPNAME	lds
PERMISSION	admin	ssh	ALLOWS	icmp	-1	-1	GRPNAME	lds


This is against a cloud controller on lucid, running:

$ dpkg -l|grep eucalyptus
ii  eucalyptus-cc                            1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Clu
ii  eucalyptus-cloud                         1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Clo
ii  eucalyptus-common                        1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Com
ii  eucalyptus-gl                            1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Log
ii  eucalyptus-java-common                   1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Com
ii  eucalyptus-sc                            1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Sto
ii  eucalyptus-walrus                        1.6.2-0ubuntu30.3                               Elastic Utility Computing Architecture - Wal
ii  libeucalyptus-commons-ext-java           0.5.0-0ubuntu2                                  Eucalyptus commons external Java library


The client has this version os euca2ools installed and is also lucid:
ii  euca2ools                                     1.2-0ubuntu10                                 managing cloud instances for Eucalyptus

** Affects: eucalyptus
     Importance: Undecided
         Status: New

** Affects: euca2ools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
euca-revoke removes the wrong group authorization
https://bugs.launchpad.net/bugs/608623
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to euca2ools in ubuntu.

More information about the Ubuntu-server-bugs mailing list