** Also affects: cobbler (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: cobbler (Ubuntu Quantal)
Importance: Undecided
Status: New
** Changed in: cobbler (Ubuntu Precise)
Status: New => In Progress
** Changed in: cobbler (Ubuntu Precise)
Assignee: (unassigned) => C de-Avillez (hggdh2)
** Changed in: cobbler (Ubuntu Quantal)
Status: New => Triaged
** Changed in: cobbler (Ubuntu Quantal)
Assignee: (unassigned) => C de-Avillez (hggdh2)
** Description changed:
Every so often -- in fact whenever a new debian-installer is released
for Precise -- we re-import the distro. In the process, the TFTP boot
files are regenerated.
Somehow this changes /var/lib/tftpboot permissions on subdirectories and
files. The result is NOT guaranteed to be bad, and it is NOT guaranteed
to affect the same directories and files in the same way.
For example, the last occurence (today) shows only this change:
55,56c55,56
< drwxr-xr-x 2 root root 4096 2012-03-22 23:13 precise-i386
< drwxr-xr-x 2 root root 4096 2012-03-22 23:13 precise-x86_64
---
> d-w---x--- 2 root root 4096 2012-03-28 04:31 precise-i386
> d-w---x--- 2 root root 4096 2012-03-28 04:31 precise-x86_64
Notice the completely hosed permissions on the new directories.
As a result PXE booting may fail (in this case DID fail).
This is a serious issue, impacting automated testing.
WORKAROUND:
find /var/lib/tftpboot -type d -exec sudo chmod 755 {} \;
find /var/lib/tftpboot -type f -exec sudo chmod 644 {} \;
but this is rather ridiculous ;-)
ProblemType: BugDistroRelease: Ubuntu 11.10
Package: cobbler 2.1.0+git20110602-0ubuntu26.2
ProcVersionSignature: Ubuntu 3.0.0-12.20-server 3.0.4
Uname: Linux 3.0.0-12-server x86_64
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Wed Mar 28 21:52:56 2012InstallationMedia: Ubuntu-Server 11.04 "Natty
Narwhal" - Release amd64 (20110426)
PackageArchitecture: allSourcePackage: cobblerUpgradeStatus: Upgraded to
oneiric on 2011-11-16 (133 days ago)
SRU Justifications
[IMPACT]
This bug causes the TFTP boot directories to be unreadable by PXE or
TFTP. The change replaces wrong calls to os.umask() by direct open/close
calls, with specific permissions. As a result, the program's default
umask is not cobblered.
There is no visible impact on applying this fix elsewhere in the code.
[TESTCASE]
1. On an unpatched running Cobbler, set a script to run 'sudo cobbler sync'
every half hour or so; let it run for a few hours/days
2. meanwhile check /var/lib/tftpboot (or whatever directory the PXE boot
files are written to) for changes in the permissions: find /var/lib/tftpboot !
-perm -444
3. If the 'find' on (3) shows any files -- you reproduced the bug. Follow up
to 4. below; otherwise, go back to 2. and try again
4. recover the /var/lib/tftpboot:
- find /var/lib/tftpboot -type d -exec sudo chmod 755 {} \;
- find /var/lib/tftpboot -type f -exec sudo chmod 644 {} \
+ find /var/lib/tftpboot -type d -exec sudo chmod 755 {} \;
+ find /var/lib/tftpboot -type f -exec sudo chmod 644 {} \
5. apply the update
6. re-run the script/command 'sudo clobbler sync' every half hour or so; let
it run for a few days.
7. repeat step 2. above every so often; you should see *no* files without
read permission being listed.
8. wait the few days.
repeat step 2. once more -- no files should be listed.
9. DONE.
[REGRESSION POTENTIAL]
- No regressions potentials have been identified.
+ No regression potentials have been identified.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/967815
Title:
/var/lib/tftpboot directory permissions destroyed
To manage notifications about this bug go to:
https://bugs.launchpad.net/cobbler/+bug/967815/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
