[Bug 967815] Re: /var/lib/tftpboot directory permissions destroyed
C de-Avillez
hggdh2 at ubuntu.com
Thu Nov 15 17:52:11 UTC 2012
** Description changed:
Every so often -- in fact whenever a new debian-installer is released
for Precise -- we re-import the distro. In the process, the TFTP boot
files are regenerated.
Somehow this changes /var/lib/tftpboot permissions on subdirectories and
files. The result is NOT guaranteed to be bad, and it is NOT guaranteed
to affect the same directories and files in the same way.
For example, the last occurrence (today) shows only this change:
55,56c55,56
< drwxr-xr-x 2 root root 4096 2012-03-22 23:13 precise-i386
< drwxr-xr-x 2 root root 4096 2012-03-22 23:13 precise-x86_64
---
> d-w---x--- 2 root root 4096 2012-03-28 04:31 precise-i386
> d-w---x--- 2 root root 4096 2012-03-28 04:31 precise-x86_64
Notice the completely hosed permissions on the new directories.
As a result PXE booting may fail (in this case DID fail).
This is a serious issue, impacting automated testing.
WORKAROUND:
find /var/lib/tftpboot -type d -exec sudo chmod 755 {} \;
find /var/lib/tftpboot -type f -exec sudo chmod 644 {} \;
but this is rather ridiculous ;-)
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: cobbler 2.1.0+git20110602-0ubuntu26.2
ProcVersionSignature: Ubuntu 3.0.0-12.20-server 3.0.4
Uname: Linux 3.0.0-12-server x86_64
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Wed Mar 28 21:52:56 2012
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Release amd64 (20110426)
PackageArchitecture: all
SourcePackage: cobbler
UpgradeStatus: Upgraded to oneiric on 2011-11-16 (133 days ago)
+
+ SRU Justifications
+
+ [IMPACT]
+
+ This bug causes the TFTP boot directories to be unreadable by PXE or
+ TFTP. The change replaces wrong calls to os.umask() by direct open/close
+ calls, with specific permissions. As a result, the program's default
+ umask is not cobblered.
+
+ There is no visible impact on applying this fix elsewhere in the code.
+
+ [TESTCASE]
+
+ 1. On an unpatched running Cobbler, set a script to run 'sudo cobbler sync' every half hour or so; let it run for a few hours/days
+ 2. meanwhile check /var/lib/tftpboot (or whatever directory the PXE boot files are written to) for changes in the permissions: find /var/lib/tftpboot ! -perm -444
+ 3. If the 'find' on (3) shows any files -- you reproduced the bug. Follow up to 4. below; otherwise, go back to 2. and try again
+
+ 4. recover the /var/lib/tftpboot:
+ find /var/lib/tftpboot -type d -exec sudo chmod 755 {} \;
+ find /var/lib/tftpboot -type f -exec sudo chmod 644 {} \
+ 5. apply the update
+ 6. re-run the script/command 'sudo clobbler sync' every half hour or so; let it run for a few days.
+ 7. repeat step 2. above every so often; you should see *no* files without read permission being listed.
+ 8. wait the few days.
+ repeat step 2. once more -- no files should be listed.
+ 9. DONE.
+
+ [REGRESSION POTENTIAL]
+
+ No regressions potentials have been identified.
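Review bot: In [TESTCASE] step 4 the second recovery command ends in a bare `\` instead of `\;`, so `find ... -exec` has no terminator and will not run as written; the WORKAROUND earlier in the description has the correct `{} \;`. In the same list, step 3 refers to "the 'find' on (3)" although the find is in step 2, and step 6 spells the command 'sudo clobbler sync'. In [IMPACT], "the program's default umask is not cobblered" reads as if "clobbered" was intended. It would also help the SRU reviewer if [IMPACT] named the file or function where the os.umask() calls were replaced, since [REGRESSION POTENTIAL] gives no reasoning beyond "none identified".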
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/967815
Title:
/var/lib/tftpboot directory permissions destroyed
To manage notifications about this bug go to:
https://bugs.launchpad.net/cobbler/+bug/967815/+subscriptions
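The [IMPACT] text above attributes the bug to os.umask() calls and describes the fix as open/close calls with explicit permissions. The following is an added example, not Cobbler's code: the function names and the umask value 0o545 are constructed (0o545 is chosen because 0o755 & ~0o545 = 0o210, the d-w---x--- mode in the listing), and it shows how an unrestored process-wide umask changes the mode of a directory created later, and how the step 2 check catches it.

```python
import os
import stat
import tempfile

def create_via_umask(path):
    # Bug pattern (assumed shape): change the process-wide umask to create
    # one file and never restore it. 0o545 is a constructed value.
    os.umask(0o545)
    open(path, "w").close()

def create_via_mode(path, mode=0o644):
    # Fix pattern: give the mode to open() and pin it with fchmod();
    # the process umask is never modified.
    fd = os.open(path, os.O_CREAT | os.O_WRONLY, mode)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)

def lacking_read(root):
    # Mirrors `find ROOT ! -perm -444` for entries below ROOT:
    # report anything that is not readable by user, group and other.
    hits = []
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            p = os.path.join(base, name)
            if stat.S_IMODE(os.lstat(p).st_mode) & 0o444 != 0o444:
                hits.append(os.path.relpath(p, root))
    return sorted(hits)

def demo():
    saved = os.umask(0o022)  # start from the usual default umask
    try:
        with tempfile.TemporaryDirectory() as root:
            create_via_mode(os.path.join(root, "marker-a"))
            os.mkdir(os.path.join(root, "precise-i386"), 0o755)
            before = lacking_read(root)           # nothing flagged yet
            create_via_umask(os.path.join(root, "marker-b"))
            bad = os.path.join(root, "precise-x86_64")
            os.mkdir(bad, 0o755)                  # filtered by leaked umask
            bad_mode = stat.S_IMODE(os.stat(bad).st_mode)
            after = lacking_read(root)
            os.chmod(bad, 0o755)                  # let cleanup remove it
            return before, oct(bad_mode), after
    finally:
        os.umask(saved)

if __name__ == "__main__":
    print(demo())
```

Because the umask is per process, the unrelated mkdir() is affected even though it passes 0o755 explicitly, which fits the description's observation that different directories and files are affected each time.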