severity 405880 important retitle 405880 kde-guidance userconfig breaks login permissions tags 405880 + patch
thanks hi, guidance reported bug, is a bug fixed in 0.6.3. i created a new user with 0.7.0 and permissions were set correctly. i was able to log into console using the new user. Modestas Vainius suggests to change umask to reproduce the bug. So umask 0066 breaks file creation, but it isn't guidance fault. Current guidance (0.7.0) keep perms as they are. I wasn't able to reproduce it until i changed my umask. i reduced severity to important as it isn't completely guidance fault. Modestas provided a patch, submitted to upstream. i expect to have a proper solution soon :) cheers, Fathi
diff -uNr kde-guidance-0.7.0.old/userconfig/unixauthdb.py kde-guidance-0.7.0/userconfig/unixauthdb.py --- kde-guidance-0.7.0.old/userconfig/unixauthdb.py 2007-01-07 12:26:57.000000000 +0200 +++ kde-guidance-0.7.0/userconfig/unixauthdb.py 2007-01-07 13:35:09.000000000 +0200 @@ -17,10 +17,12 @@ import fcntl import time import os +import os.path import stat import shutil import codecs import locale +import tempfile ldaperror = "" try: @@ -28,6 +30,20 @@ except ImportError: ldaperror = "The LDAP Python Module is not installed, but needed to use LDAP. Install it." +def createTempFile(origfile): + origstat = os.stat(origfile) + tmp_prefix = os.path.basename(origfile) + "." + tmp_dir = os.path.dirname(origfile) + try: + ret = tempfile.mkstemp(prefix=tmp_prefix, dir=tmp_dir) + except: + raise IOError, "Unable to create a new temporary file for " + origfile + (fd, tmpfile) = ret + shutil.copymode(origfile, tmpfile) + os.chown(tmpfile, origstat.st_uid, origstat.st_gid) + + return ret + def getContext(editmode=False): """Get a Context object describing the system's authorisation database. @@ -820,54 +836,46 @@ self._sanityCheck() # Write out the new password file. - origstat = os.stat(self.__passwordfile) - tmpname = self.__passwordfile+".TMP" - fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode) + (fd, tmpname) = createTempFile(self.__passwordfile) for u in self._users: os.write(fd, u._getPasswdEntry().encode(locale.getpreferredencoding(),'replace')) #print u._getPasswdEntry() os.close(fd) - os.chown(tmpname, origstat.st_uid, origstat.st_gid) # Update the passwd file passwordlock = os.open(self.__passwordfile, os.O_WRONLY) # FIXME encoding if LockFDWrite(passwordlock)==False: raise IOError,"Couldn't get a write lock on "+self.__passwordfile try: - os.rename(self.__passwordfile+".TMP",self.__passwordfile) + os.rename(tmpname, self.__passwordfile) finally: UnlockFD(passwordlock) os.close(passwordlock) # Write out the new group file - origstat = os.stat(self.__groupfile) - tmpname = self.__groupfile+".TMP" - fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode) + (fd, tmpname) = createTempFile(self.__groupfile) for g in self._groups: os.write(fd,g._getGroupFileEntry().encode(locale.getpreferredencoding())) #print g._getGroupFileEntry()[:-1] os.close(fd) - os.chown(tmpname, origstat.st_uid, origstat.st_gid) # Update the group file. grouplock = os.open(self.__groupfile, os.O_WRONLY) if LockFDWrite(grouplock)==False: raise IOError,"Couldn't get write lock on "+self.__groupfile try: - os.rename(self.__groupfile+".TMP",self.__groupfile) + os.rename(tmpname, self.__groupfile) finally: UnlockFD(grouplock) os.close(grouplock) # Write out the new shadow file origstat = os.stat(self.__shadowfile) - tmpname = self.__shadowfile+".TMP" - fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode|stat.S_IWUSR) + (fd, tmpname) = createTempFile(self.__shadowfile) for u in self._users: os.write(fd,u._getShadowEntry().encode(locale.getpreferredencoding())) #print u._getShadowEntry()[:-1] os.close(fd) - os.chown(tmpname, origstat.st_uid, origstat.st_gid) # Update the shadow file. @@ -879,7 +887,7 @@ if LockFDWrite(shadowlock)==False: raise IOError,"Couldn't get write lock on "+self.__shadowfile try: - os.rename(self.__shadowfile+".TMP",self.__shadowfile) + os.rename(tmpname, self.__shadowfile) finally: UnlockFD(shadowlock) os.close(shadowlock)