Your message dated Tue, 26 May 2026 10:14:14 +0000
with message-id <[email protected]>
and subject line Bug#1134418: Removed package(s) from unstable
has caused the Debian Bug report #676322,
regarding Provide a general purpose 'rt' group for non-web utilities to run under
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
676322: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676322
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: request-tracker4
Version: 4.0.5-1~bpo60+1
Severity: normal

rt-crontool is not useable with users outside of user root (not
recommended) and group www-data. The documentation of RT-Crontool
specifies:

---
This tool allows the user to run arbitrary perl modules from within RT.
If this tool were setgid, a hostile local user could use this tool to
gain administrative access to RT. It is incredibly important that
nonprivileged users not be allowed to run this tool. It is suggested
that you create a non-privileged unix user with the correct group
membership and RT access to run this tool (see User Configuration
below).

[...]

rt-crontool should ideally be run by a special unprivileged operating
system user who has also been entered in RT as a privileged user with
global [= ModifyTicket ] and [= ShowTicket ] rights. If you have created
an operating system user named rtcrontool, for instance, then create an
RT user with Username and Unix login set to rtcrontool, check Let this
user be granted rights, and assign a password. Then under
Configuration/Global/User rights, add the two rights to the user you
just created. This user should have read access to the RT files such as
RT_Config.pm and RT_SiteConfig.pm. If, for example, the rt group has
read access to all the installed RT files, you should assign your
created user to that group (under UNIXen).

http://requesttracker.wikia.com/wiki/UseRtCrontool
---

It also seems that running rt-crontool as root is inappropriate
("Somebody indicates that you can run the tool as root (uid 0), but that
didn't work properly for me when using rt-crontool to do priority
escalation.").

In addition, simply using an unprivileged system account requires that
account to be in the group www-data, which is doable, but not
necessarily nice as the RT_SiteConfig.pm file's permissions prevent
access from other users:

-rw-r----- 1 root www-data 12405 29. Mär 17:09 RT_SiteConfig.pm

If I read the aforementioned Wiki page right, the default way would be
having RT have its own system group which owns the files in question.
That again would need Apache to be in that system group, so I am not
sure what the ideal solution here is as both Apache and rt-crontool need
access to the configuration files.

However, adding rt-crontool users to www-data definitely is a workaround to with.


-- Package-specific info:
Changed files:

There are locally modified files in /usr/local/share/request-tracker4/,
 these may (or may not) be the source of the problem.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages request-tracker4 depends on:
ii  dbconfig-common   1.8.46+squeeze.0       common framework for packaging dat
ii  debconf [debconf- 1.5.36.1               Debian configuration management sy
ii  fonts-droid [ttf- 20101110+git-3~bpo60+1 handheld device font with extensiv
ii  libapache-session 1.87-1                 Perl modules for keeping persisten
ii  libcache-simple-t 0.27-2                 Perl module to cache and expire ke
ii  libcgi-emulate-ps 0.10-1~bpo60+1         PSGI adapter for CGI
ii  libcgi-pm-perl    3.49-1squeeze1         module for Common Gateway Interfac
ii  libcgi-psgi-perl  0.13-1~bpo60+1         Adapt CGI.pm to the PSGI protocol
ii  libclass-accessor 0.34-1                 Perl module that automatically gen
ii  libclass-returnva 0.55-1                 A return-value object that lets yo
ii  libconvert-color- 0.05-1                 Perl module for color space conver
ii  libcss-squish-per 0.09-1                 module to compact many CSS files i
ii  libdata-ical-perl 0.16+dfsg-1            Perl module for manipulating iCale
ii  libdatetime-local 1:0.45-1               Perl extension providing localizat
ii  libdatetime-perl  2:0.6100-2             module for manipulating dates, tim
ii  libdbi-perl       1.612-1                Perl Database Interface (DBI)
ii  libdbix-searchbui 1.59-2~bpo60+1         Perl implementation of a simple OR
ii  libdevel-globalde 0.02-1                 Expose PL_dirty, the flag which ma
ii  libdevel-stacktra 1.2700-1~bpo60+1       Perl module containing stack trace
ii  libemail-address- 1.889-2                RFC 2822 Address Parsing and Creat
ii  libencode-perl    2.44-1~bpo60+1         module providing interfaces betwee
ii  libfcgi-procmanag 0.18-2                 Functions for managing FastCGI app
ii  libfile-sharedir- 1.00-0.1               Locate per-dist and per-module sha
ii  libgd-graph-perl  1.44-3                 Graph Plotting Module for Perl 5
ii  libgd-text-perl   0.86-5                 Text utilities for use with GD
ii  libgnupg-interfac 0.42-3                 Perl interface to GnuPG
ii  libgraphviz-perl  2.04-1                 Perl interface to the GraphViz gra
ii  libhtml-mason-per 1:1.44-1               HTML::Mason Perl module
ii  libhtml-mason-psg 0.52-1~bpo60+1         PSGI handler for HTML::Mason
ii  libhtml-quoted-pe 0.03-1~bpo60+1         extract structure of quoted HTML m
ii  libhtml-rewriteat 0.04-1~bpo60+1         concise attribute rewriting
ii  libhtml-scrubber- 0.08-4                 Perl extension for scrubbing/sanit
ii  libipc-run3-perl  0.042-2                run a subprocess with input/ouput 
ii  libjson-perl      2.21-1                 Perl module to parse and convert t
ii  liblist-moreutils 0.25~02-1              Perl module with additional list f
ii  liblocale-maketex 0.10-1                 Maketext from already interpolated
ii  liblocale-maketex 0.82-1                 lexicon-handling backends for Loca
ii  liblog-dispatch-p 2.29-1~bpo60+1         message dispatcher to multiple Log
ii  libmailtools-perl 2.06-1                 Manipulate email in perl programs
ii  libmime-tools-per 5.428-1                Perl5 modules for MIME-compliant m
ii  libmime-types-per 1.30-1                 Perl extension for determining MIM
ii  libmodule-version 1.06-1                 Report versions of all modules in 
ii  libnet-cidr-perl  0.13-1                 Manipulate IPv4/IPv6 netblocks in 
ii  libperlio-eol-per 0.14-1+b1              PerlIO layer for normalizing line 
ii  libplack-perl     0.9980-1~bpo60+2       interface between web servers and 
ii  libregexp-common- 0.02-1~bpo60+1         provide patterns for CIDR blocks
ii  libregexp-common- 2010010201-1           module with common regular express
ii  libregexp-ipv6-pe 0.03-1~bpo60+1         Regular expression for IPv6 addres
ii  libtext-autoforma 1.669002-1             module for automatic text wrapping
ii  libtext-password- 0.28-1                 Perl module to generate pronouncea
ii  libtext-quoted-pe 2.06-1                 Perl module to extract the structu
ii  libtext-template- 1.45-1                 Text::Template perl module
ii  libtext-wikiforma 0.78-1                 translates Wiki formatted text int
ii  libtext-wrapper-p 1.02-1                 Simple word wrapping routine
ii  libtime-modules-p 2006.0814-2            Various Perl modules for time/date
ii  libtimedate-perl  1.2000-1               collection of modules to manipulat
ii  libtree-simple-pe 1.18-1                 A simple tree object
ii  libuniversal-requ 0.13-1                 Load modules from a variable
ii  libxml-rss-perl   1.48-1                 Perl module for managing RSS (RDF 
ii  libxml-simple-per 2.18-3                 Perl module for reading and writin
ii  perl              5.10.1-17squeeze3      Larry Wall's Practical Extraction 
ii  perl-modules [lib 5.10.1-17squeeze3      Core Perl modules
ii  postfix [mail-tra 2.7.1-1+squeeze1       High-performance mail transport ag
ii  rsyslog [system-l 4.6.4-2                enhanced multi-threaded syslogd
ii  rt4-apache2       4.0.5-1~bpo60+1        Apache 2 specific files for reques
ii  rt4-clients       4.0.5-1~bpo60+1        mail gateway and command-line inte
ii  rt4-db-postgresql 4.0.5-1~bpo60+1        PostgreSQL database backend for re
ii  ttf-droid         20101110+git-3~bpo60+1 transitional dummy package
ii  ucf               3.0025+nmu1            Update Configuration File: preserv

Versions of packages request-tracker4 recommends:
ii  cron [cron-daemon]            3.0pl1-116 process scheduling daemon

request-tracker4 suggests no packages.

-- Configuration Files:
/etc/request-tracker4/RT_SiteConfig.d/40-timezone [Errno 13] Keine 
Berechtigung: u'/etc/request-tracker4/RT_SiteConfig.d/40-timezone'

-- debconf information excluded



--- End Message ---
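
Added example, not part of the bug report or of the request-tracker4 package: a shell check that reports through which permission class an account can read a file such as RT_SiteConfig.pm, using the 640 root:www-data listing quoted in the report as constructed input. The account name rtcrontool comes from the quoted wiki text; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: explain how an account gets read access to a config file.
# rtcrontool is the hypothetical account name used in the quoted wiki text.

# can_read DIGIT -> success if the octal permission digit has the read bit.
can_read() { [ $(( $1 & 4 )) -ne 0 ]; }

# read_path MODE OWNER GROUP USER "GROUP LIST"
# Prints owner | group:<name> | other | none. The classes are tried in
# the kernel's order (owner, then group, then other) and the first class
# that matches decides, even if a later class would allow more.
# uid 0 bypasses these checks and is not modelled here.
read_path() {
    m=000$1 owner=$2 group=$3 user=$4 groups=$5
    m=${m#"${m%???}"}                 # keep the last three octal digits
    u=${m%??}; o=${m#??}; g=${m#?}; g=${g%?}
    if [ "$user" = "$owner" ]; then
        if can_read "$u"; then echo owner; else echo none; fi
        return
    fi
    for grp in $groups; do
        if [ "$grp" = "$group" ]; then
            if can_read "$g"; then echo "group:$group"; else echo none; fi
            return
        fi
    done
    if can_read "$o"; then echo other; else echo none; fi
}

# audit FILE USER: the same check against a real file and account
# (uses GNU stat and id; not exercised by the constructed calls below).
audit() {
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    read_path "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Constructed input matching the listing in the report: 640 root www-data.
read_path 640 root www-data rtcrontool "rtcrontool"
read_path 640 root www-data rtcrontool "rtcrontool www-data"
```

A result of `group:www-data` means the cron account can read the file only because it shares the web server's group, which is the workaround the report describes.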
--- Begin Message ---
Version: 4.4.7+dfsg-4+rm

Dear submitter,

as the package request-tracker4 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1134418

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

--- End Message ---