[Bug 2065879] Re: landscape-config problem with hardened umask 027

Chris Johnston Wed, 30 Oct 2024 10:20:52 -0700

Confirmed this issue in Jammy is fixed using ppa:landscape/self-hosted-
beta


** Also affects: landscape-client (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: landscape-client (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Description changed:

- Hi
+ [ Impact ]
  
- It is not possible to register a new server with "landscape-config" when
- using hardened umask. We use umask 027 due to CIS requirements, this
- creates files under /var/lib/landscape/client/ which the landscape user
- cant read, which causes the service fail to start.
+  It is not possible to register a new server with "landscape-config"
+ when using hardened umask. We use umask 027 due to CIS requirements,
+ this creates files under /var/lib/landscape/client/ which the landscape
+ user cant read, which causes the service fail to start.
  
- How to reproduce:
- # umask 027
- # landscape-config --computer-title test--account-name standalone  --url 
https://test.net/message-system --ping-url http://test.net/ping 
--ssl-public-key /etc/landscape/test.pem
+ [ Test Plan ]
  
- Fails with:
- Traceback (most recent call last):
- Failure: twisted.internet.error.ConnectError: An error occurred while 
connecting: 2: No such file or directory.
+ # umask 027  
+ # landscape-config --computer-title test--account-name standalone --url 
[https://test.net/message-system](https://test.net/message-system) --ping-url 
[http://test.net/ping](http://test.net/ping) --ssl-public-key 
/etc/landscape/test.pem
  
- # ls -l  /var/lib/landscape/client/
- total 52
- drwxr-xr-x 2 landscape landscape  4096 May 16 13:53 annotations.d
- -rw-r----- 1 root      root         33 May 16 13:54 broker.bpickle
- -rw-r----- 1 root      root         47 May 16 13:53 broker.bpickle.old
- drwxr-xr-x 2 landscape root       4096 May 16 13:53 custom-graph-scripts
- -rw-r--r-- 1 root      root      12288 May 16 13:53 manager.database
- drwxr-xr-x 2 landscape root       4096 May 16 13:53 messages
- -rw-r--r-- 1 landscape landscape    23 May 16 13:53 monitor.bpickle
- -rw-r--r-- 1 landscape landscape    23 May 16 13:53 monitor.bpickle.old
- drwxr-xr-x 5 landscape root       4096 May 16 13:53 package
- drwxr-x--- 2 landscape root       4096 May 16 13:53 sockets
- -rwxr-xr-x 1 landscape root        100 May 16 13:52 user-update-flag
+ Should see a successful registration
  
- Rerun with umask 022:
- #umask 022
- # landscape-config --computer-title test--account-name standalone  --url 
https://test.net/message-system --ping-url http://test.net/ping 
--ssl-public-key /etc/landscape/test.pem
+ # ls -l /var/lib/landscape/client/  
+ total 60  
+ drwxr-xr-x 2 landscape landscape 4096 May 16 13:53 annotations.d  
+ -rw-r--r-- 1 landscape landscape 364 May 16 13:56 broker.bpickle  
+ -rw-r--r-- 1 landscape landscape 1085 May 16 13:56 broker.bpickle.old  
+ drwxr-xr-x 2 landscape root 4096 May 16 13:53 custom-graph-scripts  
+ -rw-r--r-- 1 root root 12288 May 16 13:53 manager.database  
+ drwxr-xr-x 3 landscape root 4096 May 16 13:56 messages  
+ -rw-r--r-- 1 landscape landscape 12602 May 16 13:56 monitor.bpickle  
+ -rw-r--r-- 1 landscape landscape 23 May 16 13:56 monitor.bpickle.old  
+ drwxr-xr-x 5 landscape root 4096 May 16 13:56 package  
+ drwxr-x--- 2 landscape root 4096 May 16 13:56 sockets
  
- Registration request sent successfully.
+ [ Where problems could occur ]
  
- # ls -l  /var/lib/landscape/client/
- total 60
- drwxr-xr-x 2 landscape landscape  4096 May 16 13:53 annotations.d
- -rw-r--r-- 1 landscape landscape   364 May 16 13:56 broker.bpickle
- -rw-r--r-- 1 landscape landscape  1085 May 16 13:56 broker.bpickle.old
- drwxr-xr-x 2 landscape root       4096 May 16 13:53 custom-graph-scripts
- -rw-r--r-- 1 root      root      12288 May 16 13:53 manager.database
- drwxr-xr-x 3 landscape root       4096 May 16 13:56 messages
- -rw-r--r-- 1 landscape landscape 12602 May 16 13:56 monitor.bpickle
- -rw-r--r-- 1 landscape landscape    23 May 16 13:56 monitor.bpickle.old
- drwxr-xr-x 5 landscape root       4096 May 16 13:56 package
- drwxr-x--- 2 landscape root       4096 May 16 13:56 sockets
+ TBD
  
- System info:
- root@ubuntu2404:~# dpkg -l |grep landsca
- ii  landscape-client                     24.02-0ubuntu5                       
   amd64        Landscape administration system client
- ii  landscape-common                     24.02-0ubuntu5                       
   amd64        Landscape 
+ [ Other Info ]
  
- 
- Distributor ID: Ubuntu
- Description:    Ubuntu 24.04 LTS
- Release:        24.04
- Codename:       noble
+ TBD

** Summary changed:

- landscape-config problem with hardened umask 027
+ [SRU] landscape-config problem with hardened umask 027

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065879

Title:
  [SRU] landscape-config problem with hardened umask 027

To manage notifications about this bug go to:
https://bugs.launchpad.net/landscape-client/+bug/2065879/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2065879] Re: landscape-config problem with hardened umask 027

Reply via email to